Controllerless Networks

Hello everybody,

did someone succeed to get Instant working against Clearpass Guest as external CP?

I did follow instructions in Instant User Guide_6.1.3.1-3.0.0.0.pdf , and when client connects it gets redirected Clearpass, however then Firefox will say "Connection Interrupted"...see screenshot. (From Internet Explorer  I will get "IE can't display this web")

From Instant perspective client is stuck in "External CP" role.

My impression is that there is proxy in Instant which is misbehaving (e.g. in this state I can display www.microsoft.com but www.google.com get's me "Invalid browser request" page)

Instant version: 6.1.3.4-3.1.0.0_35320

Clearpass version: 3.9

By the way, is there some detailed manual for this scenario?

In your instant role, are you allowing http, https to the clearpass server?

"Access Rules" for this SSID is set to "Unrestricted" which I assume is equivalent of Allow all...

In the clearpass-page.jpg you have the address parameter as clearpass-guest.showroom.cz but it should be the ip address of the virtual controller, NOT the URL of the clearpass guest appliance.

OK, you're right with address field!

But turn's out there was a bigger problem before that.

In Clearpass I had to disable first https for NAS and htttps for Clearpass login. Then I'm able to autheticate over Instant successfully.

Question is, how can I get it running with https?

Seems then client tries to open SSL twice but somehow fails. Interestlingly when client uses SSID without external CP, it has no problems opening https:// on Clearpass so it must be CP related...

Trace attached...

Attachment(s)

trace4.zip   2 KB 1 version