Hi
This is on aruba 2530 switches.
I have strange issue with a new setup where guest users is to be redirected to Clearpass for auth before given access to internet.
The profile is correct send down to the switch and my ACL from radius worke (counters updates). My URL seems correct and when pasting this into the browser i get access to Clearpass Guest page.
aaa authentication captive-portal enable
This displayes that hits is correct in my ACL (i am aware that cpy is missing in the deny statement this is for test that the deny is hit)
Radius-configured Port-based ACL for
Port 3, Client -- C05627-B0D7B3
IPv6 ACLs enabled (HP-Nas-Rules-Ipv6): FALSE
permit in tcp from any to 192.168.30.4 443 cnt
Packet Hit Counter 0
permit in tcp from any to 192.168.30.4 80 cnt
Packet Hit Counter 0
deny in tcp from any to any 80 cnt
Packet Hit Counter 45
deny in tcp from any to any 443 cnt
Packet Hit Counter 114
permit in udp from any to any 53 cnt
Packet Hit Counter 20
permit in udp from any to any 67 cnt
Packet Hit Counter 1
When i apply cpy there is no hits (with or wiouth the cnt)
But direct access is OK, line 1
Radius-configured Port-based ACL for
Port 3, Client -- C05627-B0D7B3
IPv6 ACLs enabled (HP-Nas-Rules-Ipv6): FALSE
permit in tcp from any to 192.168.30.4 443 cnt
Packet Hit Counter 49
permit in tcp from any to 192.168.30.4 80 cnt
Packet Hit Counter 0
deny in tcp from any to any 80 cnt cpy
Packet Hit Counter 0
deny in tcp from any to any 443 cnt cpy
Packet Hit Counter 0
permit in udp from any to any 53 cnt
Packet Hit Counter 41
permit in udp from any to any 67 cnt
Packet Hit Counter 1
This is the port status
Port Access Client Status Detail
Client Base Details :
Port : 3 Authentication Type : mac-based
Client Status : authenticated Session Time : 136 seconds
Client Name : c05627b0d7b3 Session Timeout : 10800 seconds
MAC Address : c05627-b0d7b3
IP : 10.29.160.248
Access Policy Details :
COS Map : Not Defined In Limit Kbps : Not Set
Untagged VLAN : 29
Tagged VLANs : No Tagged VLANs
Port Mode : 1000FDx
RADIUS ACL List :
permit in tcp from any to 192.168.30.4 443 cnt
Hit Count: 49
permit in tcp from any to 192.168.30.4 80 cnt
Hit Count: 0
deny in tcp from any to any 80 cnt cpy
Hit Count: 0
deny in tcp from any to any 443 cnt cpy
Hit Count: 0
permit in udp from any to any 53 cnt
Hit Count: 48
permit in udp from any to any 67 cnt
Hit Count: 1
Captive Portal Details :
URL : http://clearpass.itu.dk/guest/registration_wired.php
Any clues ???
#2530