Security

Reply
Regular Contributor I
Posts: 163
Registered: ‎04-11-2011

CP Guest and single click SSID question

I have successfully setup a single click SSID with TOS acceptance using the randomly generated account name.  What I am struggling with is how to set it up so that the mac is cached so that the user doesn't have to click it everytime they connect.  I would prefer to set is so they have re-accept the ToS every 1 or 2 weeks.  I have create the guest authentication with mac cache server using the service template but this doesn't appear to be working for me.  Any help would be greatly appreciated.

MVP
Posts: 4,172
Registered: ‎07-20-2011

Re: CP Guest and single click SSID question

Are you using controller Internal CP or ClearPass ?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Regular Contributor I
Posts: 163
Registered: ‎04-11-2011

Re: CP Guest and single click SSID question

Clearpass.

MVP
Posts: 4,172
Registered: ‎07-20-2011

Re: CP Guest and single click SSID question

You can do this using the Guest Mac Auth template (Mac Caching)

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
MVP
Posts: 4,172
Registered: ‎07-20-2011

Re: CP Guest and single click SSID question

Here's a good guide on how to accomplish it

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Step-by-Step-Controller-CPPM-6-5-Captive-Portal-authentication/m-p/229740

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Regular Contributor I
Posts: 163
Registered: ‎04-11-2011

Re: CP Guest and single click SSID question

As stated in my original post. I created the guest auth with mac cache service but it is not working.

Regular Contributor I
Posts: 163
Registered: ‎04-11-2011

Re: CP Guest and single click SSID question

Thank you. I will give this a try.





Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation.
MVP
Posts: 4,172
Registered: ‎07-20-2011

Re: CP Guest and single click SSID question

I missed that part.

A couple of things:

- Do you have radius accounting enabled on the controller and ClearPass ?

- In the mac auth service enforcement policy you should able to define the amount of time you would like to allow the device to authenticate without seeing the captive portal

2015-03-26 15_32_29-ClearPass Policy Manager - Aruba Networks.png

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Regular Contributor I
Posts: 163
Registered: ‎04-11-2011

Re: CP Guest and single click SSID question

Ok I am getting further now. When I connect to the SSID I am hitting the correct service but getting this error message:

Session failed for Host=172.18.x.x, Reason=[Failed to connect to datasource: [unixODBC]FATAL: password authentication failed for user "appexternal"
FATAL: no pg_hba.conf entry for host "172.18.x.x", user "appexternal", database "insightdb", SSL off
SQLState=08001 ErrorCode=101]





Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation.
MVP
Posts: 1,407
Registered: ‎11-30-2011

Re: CP Guest and single click SSID question

is insight turned on on your clearpass?

Search Airheads
Showing results for 
Search instead for 
Did you mean: