Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Aruba 2530 and Redirect to Clearpass for Guest users

This thread has been viewed 5 times

  • 1.  Aruba 2530 and Redirect to Clearpass for Guest users

    Posted Jun 27, 2018 04:19 AM

    Hi

     

    This is on aruba 2530 switches.

    I have strange issue with a new setup where guest users is to be redirected to Clearpass for auth before given access to internet.

     

    The profile is correct send down to the switch and my ACL from radius worke (counters updates). My URL seems correct and when pasting this into the browser i get access to Clearpass Guest page.

     

    aaa authentication captive-portal enable

     

    This displayes that hits is correct in my ACL (i am aware that cpy is missing in the deny statement this is for test that the deny is hit)

     

    Radius-configured Port-based ACL for
    Port 3, Client -- C05627-B0D7B3

    IPv6 ACLs enabled (HP-Nas-Rules-Ipv6): FALSE
    permit in tcp from any to 192.168.30.4 443 cnt
    Packet Hit Counter 0
    permit in tcp from any to 192.168.30.4 80 cnt
    Packet Hit Counter 0
    deny in tcp from any to any 80 cnt
    Packet Hit Counter 45
    deny in tcp from any to any 443 cnt
    Packet Hit Counter 114
    permit in udp from any to any 53 cnt
    Packet Hit Counter 20
    permit in udp from any to any 67 cnt
    Packet Hit Counter 1

     

    When i apply cpy there is no hits (with or wiouth the cnt)

     

    But direct access is OK, line 1


    Radius-configured Port-based ACL for
    Port 3, Client -- C05627-B0D7B3

    IPv6 ACLs enabled (HP-Nas-Rules-Ipv6): FALSE
    permit in tcp from any to 192.168.30.4 443 cnt
    Packet Hit Counter 49
    permit in tcp from any to 192.168.30.4 80 cnt
    Packet Hit Counter 0
    deny in tcp from any to any 80 cnt cpy
    Packet Hit Counter 0
    deny in tcp from any to any 443 cnt cpy
    Packet Hit Counter 0
    permit in udp from any to any 53 cnt
    Packet Hit Counter 41
    permit in udp from any to any 67 cnt
    Packet Hit Counter 1

     

    This is the port status 


    Port Access Client Status Detail

    Client Base Details :
    Port : 3 Authentication Type : mac-based
    Client Status : authenticated Session Time : 136 seconds
    Client Name : c05627b0d7b3 Session Timeout : 10800 seconds
    MAC Address : c05627-b0d7b3
    IP : 10.29.160.248

    Access Policy Details :
    COS Map : Not Defined In Limit Kbps : Not Set
    Untagged VLAN : 29
    Tagged VLANs : No Tagged VLANs
    Port Mode : 1000FDx
    RADIUS ACL List :
    permit in tcp from any to 192.168.30.4 443 cnt
    Hit Count: 49
    permit in tcp from any to 192.168.30.4 80 cnt
    Hit Count: 0
    deny in tcp from any to any 80 cnt cpy
    Hit Count: 0
    deny in tcp from any to any 443 cnt cpy
    Hit Count: 0
    permit in udp from any to any 53 cnt
    Hit Count: 48
    permit in udp from any to any 67 cnt
    Hit Count: 1

    Captive Portal Details :
    URL : http://clearpass.itu.dk/guest/registration_wired.php

     

     

     

     

    Any clues ???

     


    #2530


  • 2.  RE: Aruba 2530 and Redirect to Clearpass for Guest users

    EMPLOYEE
    Posted Jun 27, 2018 07:39 AM
    Did you follow the ClearPass Solution Guide for Wired Policy Enforcement?


  • 3.  RE: Aruba 2530 and Redirect to Clearpass for Guest users

    Posted Jun 27, 2018 07:43 AM

    Hi

     

    Yes i did, but i have just found the error, i had no IP address on the interface, i seems to work now luckely

     

    Thanks for responding.