Aruba Instant & Cloud Wi-Fi

Regular Contributor I
Posts: 178
Registered: ‎12-17-2008

IAP and Clearpass with https captive portal

I have an IAP guest SSID working with Clearpass Guest; however, when I enable HTTPS redirection in Clearpass, clients encounter a redirect loop and are unable to authenticate.

 

I've also tried sending clients direct to https by changing the captive portal port to 443; however, the IAP fails to use SSL for the connection. You cannot enter a fully qualified captive portal URL in IAP, unlike the method used in the regular controllers.

 

Can IAPs support a https captive portal?

 

thanks


--
ACMA ACMP
Aruba
Posts: 760
Registered: ‎05-31-2007

Re: IAP and Clearpass with https captive portal

Have you tried port 80 (just as a test) for the redirection?


Have seen similar scenarios in past versions, and port 80 redirect was the workaround.


JF

Regular Contributor I
Posts: 178
Registered: ‎12-17-2008

Re: IAP and Clearpass with https captive portal

So with the https requirement disabled in Guest->Configuration->Authentication, and IAP config set to port 80 I do get the logon page.

 

If I change the captive portal port in IAP to 443, I get a redirect loop on the client.

 

If I leave the captive portal port setting at 80 then clearpass sends an HTTP 302 to redirect to https and I get a redirect loop on the client.

 


--
ACMA ACMP
MVP
Posts: 4,168
Registered: ‎07-20-2011

Re: IAP and Clearpass with https captive portal

Have you tried :4343?
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Regular Contributor I
Posts: 178
Registered: ‎12-17-2008

Re: IAP and Clearpass with https captive portal

No I haven't tried 4343, is this a port normally associated with clearpass?


--
ACMA ACMP
Guru Elite
Posts: 8,175
Registered: ‎09-08-2010

Re: IAP and Clearpass with https captive portal

4343 is usually the management access port for Aruba products.


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: IAP and Clearpass with https captive portal

Sounds like a config issue with the certs/public cert... or OCSP check from the client.

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Regular Contributor I
Posts: 178
Registered: ‎12-17-2008

Re: IAP and Clearpass with https captive portal

So it's the exact same client and clearpass config being used for a captive portal via a 7210 controller - and that works.

 

When a client is redirected from an Instant VC we encounter the problem.

In the 7210 you specify a https URL directly. In IAP you don't seem to be able to, so Clearpass Guest has been set to do it via Configuration->Authentication->Require HTTPS for guest access. When this is unticked, captive portal from the IAP works.

 

A redirect loop kind of makes sense, since the VC is redirecting any http from the client, and then clearpass tries to redirect the client to https, which is then redirected to http via the VC and so on..

 

 


--
ACMA ACMP
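
The loop described in the post above can be confirmed by following the redirects one hop at a time and flagging any HTTPS to HTTP step. This is an added example, not part of the original thread: `trace_redirects` and `simulated_hop` are hypothetical helpers, the hostnames are placeholders, and the hop table is a constructed model of the poster's description (the VC sending HTTPS portal requests back to HTTP is assumed from that description).

```python
from urllib.parse import urljoin, urlsplit

# Constructed model of the hops described in the post; hostnames are placeholders.
PORTAL_HOST = "clearpass.example"
PORTAL_HTTP = f"http://{PORTAL_HOST}/guest/login.php"
PORTAL_HTTPS = f"https://{PORTAL_HOST}/guest/login.php"
REDIRECTS = (301, 302, 303, 307, 308)

def simulated_hop(url, require_https):
    """Return (status, Location) for one pre-auth client request."""
    parts = urlsplit(url)
    if parts.hostname != PORTAL_HOST:
        return 302, PORTAL_HTTP      # VC intercepts client HTTP, portal port 80
    if parts.scheme == "https":
        return 302, PORTAL_HTTP      # assumed: VC bounces HTTPS back to HTTP
    if require_https:
        return 302, PORTAL_HTTPS     # ClearPass "Require HTTPS for guest access"
    return 200, None                 # login page served over HTTP

def trace_redirects(start, fetch, max_hops=10):
    """Follow Location headers hop by hop; report loops and HTTPS->HTTP downgrades."""
    chain, seen, downgrades, url = [start], {start}, [], start
    status = None
    for _ in range(max_hops):
        status, location = fetch(url)
        if status not in REDIRECTS or not location:
            return {"chain": chain, "loop": False, "downgrades": downgrades, "status": status}
        nxt = urljoin(url, location)  # Location may be relative
        if urlsplit(url).scheme == "https" and urlsplit(nxt).scheme == "http":
            downgrades.append((url, nxt))
        chain.append(nxt)
        if nxt in seen:               # same URL visited twice: redirect loop
            return {"chain": chain, "loop": True, "downgrades": downgrades, "status": status}
        seen.add(nxt)
        url = nxt
    # Hop limit reached without a final response; treat as a loop
    return {"chain": chain, "loop": True, "downgrades": downgrades, "status": status}

def run(require_https, start="http://example.com/"):
    return trace_redirects(start, lambda u: simulated_hop(u, require_https))

if __name__ == "__main__":
    for setting in (True, False):
        result = run(setting)
        print(f"Require HTTPS={setting}: loop={result['loop']} status={result['status']}")
        print("  " + " -> ".join(result["chain"]))
```

To check a live portal from a test client, pass a `fetch` that issues a single request without following redirects and returns the status and `Location` header.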
Aruba
Posts: 760
Registered: ‎05-31-2007

Re: IAP and Clearpass with https captive portal

Glad you got out of the woods on this one per the guidance above, and some elbow grease. Nice work!

 

On to the next one? ;)

JF

Regular Contributor I
Posts: 178
Registered: ‎12-17-2008

Re: IAP and Clearpass with https captive portal

Well the issue is still there, I've just been describing the problem in a bit more detail. 

Instant should be able to handle redirection by clearpass as per ArubaOS.

 


--
ACMA ACMP