08-14-2015 12:41 PM
Big background up front: I had a lab with an HP switch for users, a MAS 1500 for redirection (maybe) and head-end, and a 7005 controller. This is all segregated via Cisco ASA to simulate a remote office. Our ClearPass appliance is not in this segregated lab, since it is a VM and we don't have a big enough lab/budget to have a VM in the lab. With this setup, everything seemed to be working fine - although I am almost positive that it was actually the controller handling all of the redirection rather than the MAS.
Well, since our remote sites DO have MAS switches, but DO NOT have controllers, I have moved the controller to the other side of the firewall with the VM, thus ensuring that I am both emulating a remote site, and that I am indeed doing the redirection with the MAS rather than the controller. This SEEMS to be working.
However, when the controller was doing the redirection, it was seamless: open IE, go directly to ClearPass login page. Now, with the MAS doing redirection, when you open IE you are given an "Authentication Required, Click here to proceed" page. Of course, we want to remove that manual step and have the redirection be seamless again.
Other than the config below, is there any other info I can provide to help with finding a solution?
interface gigabitethernet "1/0/0"
interface gigabitethernet "1/0/1"
   no trusted port
interface gigabitethernet "1/0/2"
   no trusted port
interface-profile switching-profile "trunk"
   trunk allowed vlan 427-429,527
interface-profile switching-profile "vlan426"
interface-profile switching-profile "vlan526"
aaa authentication captive-portal "CLEARPASS-BYODLOGIN-PORTAL"
aaa authentication captive-portal "CLEARPASS-POSTURE-PORTAL"
aaa profile "CLEARPASS-BYODLOGIN-AAA"
aaa profile "CLEARPASS-POSTURE-AAA"
08-14-2015 12:55 PM