Extreme Networks

mickwombat9 · ‎11-05-2018

I am trying to setup an external captive portal but with mac-auth. I have a user profile for users that have already registered (allowall) and set this in 'apply different user profile for different groups based on Filter-ID'.

When the user does the mac-auth, I see it with the allowall profile, but I still get redirected to the captive portal.

User profile application sequence is set to mac-auth > CWP > SSID.

Has anyone else setup something like this before.

nlowe · ‎12-11-2018

Hi all,

I think you just need to configure the fallback-to-ecwp command via supplemental CLI.

I double checked HiveOS 6.5r10 and this is supported there.

You will need to find the name of the security-object by reviewing the show run output.

show cmds | include fallback-to-ecwp

security-object <string> security additional-auth-method mac-based-auth fallback-to-ecwp

show version

Aerohive Networks, Inc.

Version: HiveOS 6.5r10 build-205308

Build time: Wed Aug 8 10:22:25 UTC 2018

Build cookie: 1808080322-205308

Platform: HiveAP330

Bootloader ver: v1.0.3.4d

TPM ver: v1.2.35.8

Uptime: 13 weeks, 3 days, 13 hours, 44 minutes, 32 seconds

Thanks,

Nick

View solution in original post

sstowell · ‎01-26-2019

And also, AP 121s are only supported until 2021. 3 more years.

sstowell · ‎01-26-2019

If it was a hardware thing I would understand (CWP bypass). I know it is probably a manpower/focus and a push for people to update their APs, which I guess I understand. But by not patching 6.x with new features that are supported in 8.x leaves a lot of people behind. AP121 was a popular AP, for us we have about 50 out of our 100 APs as AP121s. Some of those were only bought a couple years ago. All we want is support for CWP bypass via user profile on 6.x HiveOS.. also, the ability to support DFS channels would be nice, but THAT I understand can be a hardware issue.

AnonymousM · ‎01-26-2019

In response to Irteza, I just joined Aerohive and lead the Customer Success team. I am disappointed that you feel this way. In my first three months at Aerohive, I have met just about everybody in the support team face-to-face and I believe we have a great team that is always willing to help. Even in the best of organizations, things slip through the cracks and I am eager to address your concerns and see how we can turn this experience around.

I know you have a case open at this time and will be happy to direct message you with my contact details so we can discuss how we can improve your experience.

As to Shane and his comments, there are differences between the 6.x and 8.x code that are based on the wireless chipsets from different manufacturers. We will never run 8.x on the AP121s because the chipset is incompatible with the software.

It is true that the AP121s have reached end of sale, but they have many years before they reach end of support. It sounds like the feature you are looking for is unavailable with the hardware in those APs. I am sure you understand as newer models of hardware come out, they have the ability to enable new features that weren't built into the older products. If the feature is important to you, reach out to your SE to discuss what options are available to move forward.

sstowell · ‎01-21-2019

According to Aerohive, they are "legacy" APs. Bull!

irteza_rana · ‎01-21-2019

AP-121s are not End of life, they should support all the code upgrades.

Its just aerohive tends to be little different!

Extreme Networks

External CWP with mac-auth and CWP bypass. Users still have to open CWP even though user profile is allowall.

External CWP with mac-auth and CWP bypass. Users still have to open CWP even though user profile is allowall.