Hi All, Trying to get PacketFence working with an Aruba / HPE 2530 switch + captive portal.
PacketFence: Latest ZEN build Aruba HPE Firmware: YA.16.11.0004 Goal: For a given Ethernet port, when a device plugs in, they should redirect to a Captive Portal where they have to accept the terms. My long term goal is they get a captive portal, and depending on their realm/email address domain, they either auth to Azure AD or to another identity provider. I set the "Type" to Aruba::2930M as this switch is running the latest firmware and it is branded as Aruba these days and not HPE ProCurve. Not sure if that is a mistake or not. Reviewing the guide at https://www.packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_aruba and https://techhub.hpe.com/eginfolib/Aruba/16.09/5200-5888/index.html#v35756920.html, there wasn't much there for Captive portal. I assume you need to use MAC based + Captive portal? In reviewing the output from raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3000, I can see that it sends the following to the switch, where 192.168.0.100 is PacketFence: HP-Captive-Portal-URL := "http://192.168.0.100/Aruba::2930M/?"; The switch side claims the user is authenticated (show port-access <Port #> mac-based), and that it consumed the ACL from PacketFence ("permit in tcp from any to any", just for testing). On the PacketFence side under Auditing, I see the Auth Status as Accept/green, and it is using the MAC address as the username. However, on the Windows 10 client, they have no network access and are never directed to a captive portal. This post https://sourceforge.net/p/packetfence/mailman/packetfence-users/thread/361bb38b-0657-0eb1-b16f-a92cfdf78836%40inverse.ca/ and https://packetfence-users.narkive.com/Ne5sNROG/802-1x-and-mac-auth-on-hp-procurve-switches is similar to my config, but no luck following their steps. My thought was maybe the SNMP trap settings need to be something specific? But since PacketFence is replying with VLAN ID to use, ACL, and Captive Portal URL, I figured the setup should be working. I know this is a long shot, but I'm hoping someone out there also runs these Aruba switches :) Thanks all, Joe _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
