Wednesday
Hi everyone!
I want to authenticate wired clients with the control captive portal.
I got universal 5420F Switches running EXOS/Switch Engine.
The goal is:
All unregistered clients shall be moved to VLAN 400 and redirected to the portal.
After portal login, the switch needs to apply a different role/policy to the client, based on user groups, to limit network access.
The VLAN does not change.
What I got:
I created a role “Unregistriert”, which uses “Contain to VLAN 400” and “HTTP redirect”.
The role has some services/rules attached to allow ARP, DHCP, DNS and traffic to the portal. Last rule should deny all IPv4 traffic. (See Screenshots)
A client connects, the switch applies "Unregistriert", client is moved to VLAN 400 and gets redirected to the portal, this is working.
But even without logging in to the portal, the client has full network and internet access.
Do you know what is wrong?
172.17.32.0/20 is the Client subnet in VLAN 400
172.31.2.31 is the control engine.
Best regards
Niko
Thursday - last edited Thursday
Problem is solved!
First:
I had set "Global Domain Settings" to "Role ACL Mode".
I unchecked that.
Second:
I changed the "Unregistriert" Role - Access Control to Deny Traffic
Third:
I use the RFC 3580 - VLAN ID
Which sets the VLAN via Accept Policy
And last I changed some of the services.
Best Regards
Niko