Contributor I

Aruba 2530 and Redirect to Clearpass for Guest users

Hi

This is on Aruba 2530 switches.

I have a strange issue with a new setup where guest users are to be redirected to ClearPass for auth before being given access to the internet.

The profile is correctly sent down to the switch and my ACL from RADIUS works (counters update). My URL seems correct, and when pasting it into the browser I get access to the ClearPass Guest page.

aaa authentication captive-portal enable

This displays that the hits are correct in my ACL (I am aware that cpy is missing in the deny statement; this is to test that the deny is hit)

 

Radius-configured Port-based ACL for
Port 3, Client -- C05627-B0D7B3

IPv6 ACLs enabled (HP-Nas-Rules-Ipv6): FALSE
permit in tcp from any to 192.168.30.4 443 cnt
Packet Hit Counter 0
permit in tcp from any to 192.168.30.4 80 cnt
Packet Hit Counter 0
deny in tcp from any to any 80 cnt
Packet Hit Counter 45
deny in tcp from any to any 443 cnt
Packet Hit Counter 114
permit in udp from any to any 53 cnt
Packet Hit Counter 20
permit in udp from any to any 67 cnt
Packet Hit Counter 1

 

When I apply cpy there are no hits (with or without the cnt)

But direct access is OK, line 1


Radius-configured Port-based ACL for
Port 3, Client -- C05627-B0D7B3

IPv6 ACLs enabled (HP-Nas-Rules-Ipv6): FALSE
permit in tcp from any to 192.168.30.4 443 cnt
Packet Hit Counter 49
permit in tcp from any to 192.168.30.4 80 cnt
Packet Hit Counter 0
deny in tcp from any to any 80 cnt cpy
Packet Hit Counter 0
deny in tcp from any to any 443 cnt cpy
Packet Hit Counter 0
permit in udp from any to any 53 cnt
Packet Hit Counter 41
permit in udp from any to any 67 cnt
Packet Hit Counter 1

 

This is the port status 


Port Access Client Status Detail

Client Base Details :
Port : 3 Authentication Type : mac-based
Client Status : authenticated Session Time : 136 seconds
Client Name : c05627b0d7b3 Session Timeout : 10800 seconds
MAC Address : c05627-b0d7b3
IP : 10.29.160.248

Access Policy Details :
COS Map : Not Defined In Limit Kbps : Not Set
Untagged VLAN : 29
Tagged VLANs : No Tagged VLANs
Port Mode : 1000FDx
RADIUS ACL List :
permit in tcp from any to 192.168.30.4 443 cnt
Hit Count: 49
permit in tcp from any to 192.168.30.4 80 cnt
Hit Count: 0
deny in tcp from any to any 80 cnt cpy
Hit Count: 0
deny in tcp from any to any 443 cnt cpy
Hit Count: 0
permit in udp from any to any 53 cnt
Hit Count: 48
permit in udp from any to any 67 cnt
Hit Count: 1

Captive Portal Details :
URL : http://clearpass.itu.dk/guest/registration_wired.php

Any clues?

Guru Elite

Re: Aruba 2530 and Redirect to Clearpass for Guest users

Did you follow the ClearPass Solution Guide for Wired Policy Enforcement?

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I

Re: Aruba 2530 and Redirect to Clearpass for Guest users

Hi

Yes I did, but I have just found the error: I had no IP address on the interface. It seems to work now, luckily.

Thanks for responding.

 

 
