Security

Reply
New Contributor
Posts: 4
Registered: ‎01-13-2014

After Amigopod to Clearpass Guest migration self-registration process no longer completes.

Hi Guys, 

I recently (last Thursday) worked on an Amigopod to Clearpass Guest migration.  We followed all of the correct steps and have everything working on the Clearpass side (and in-service), but an issue that we're running into with Self-Registration is that once you enter your name and email address, click "Continue" and get your username and password, then click "Login", the redirect to securelogin.arubanetworks.com doesn't work.  We know why this doesn't work, the role on the Aruba controller for authenticated guests has a rule disallowing access to any RFC 1918 addresses (including the controller IP).  Even though the redirect to securelogin.arubanetworks.com doesn't complete and redirect the user to www.google.com (which is the welcome page set up in the Aruba controller), the user still has authenticated guest access and can now browse the internet.

This wouldn't normally be a problem, I would tell the client that we need to open http/https to the controller IP address to get this to work and everything would be fine, but as it stands, it worked for Amigopod without this access and the client is wondering what is different now and why we need to allow this access.  I am not very versed in the Amigopod world and have much more experience with Clearpass Policy Manager/Guest so I am a bit out of my league with the question.

 

Any help would be much appreciated!

Thanks, Mike

Guru Elite
Posts: 21,587
Registered: ‎03-29-2007

Re: After Amigopod to Clearpass Guest migration self-registration process no longer completes.


mikelutgen wrote:

Hi Guys, 

I recently (last Thursday) worked on an Amigopod to Clearpass Guest migration.  We followed all of the correct steps and have everything working on the Clearpass side (and in-service), but an issue that we're running into with Self-Registration is that once you enter your name and email address, click "Continue" and get your username and password, then click "Login", the redirect to securelogin.arubanetworks.com doesn't work.  We know why this doesn't work, the role on the Aruba controller for authenticated guests has a rule disallowing access to any RFC 1918 addresses (including the controller IP).  Even though the redirect to securelogin.arubanetworks.com doesn't complete and redirect the user to www.google.com (which is the welcome page set up in the Aruba controller), the user still has authenticated guest access and can now browse the internet.

This wouldn't normally be a problem, I would tell the client that we need to open http/https to the controller IP address to get this to work and everything would be fine, but as it stands, it worked for Amigopod without this access and the client is wondering what is different now and why we need to allow this access.  I am not very versed in the Amigopod world and have much more experience with Clearpass Policy Manager/Guest so I am a bit out of my league with the question.

 

Any help would be much appreciated!

Thanks, Mike


You should contact support, because we will all be guessing here about (1) how your network is configured (2) what ultimately is the solution to your problem.  Most of us will be wrong because we do not have enough information.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 4,309
Registered: ‎07-20-2011

Re: After Amigopod to Clearpass Guest migration self-registration process no longer completes.

 

Can you please share the guest-logon role ?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
New Contributor
Posts: 4
Registered: ‎01-13-2014

Re: After Amigopod to Clearpass Guest migration self-registration process no longer completes.

I was just at the client again last week and the problem no longer exists, it must have been a client-side problem because we can't seem to recreate it again.  Thanks for the help!

Search Airheads
Showing results for 
Search instead for 
Did you mean: