Security

Reply
Contributor I
Posts: 31
Registered: ‎08-04-2014

Captive Portal Bypass - ClearPass

Afternoon chaps

Is there a simple way to bypass Web Auth on Captive Portal on ClearPass.

I have an issue with certain iPhone users and a VPN application on a phone, they can't get onto the network becasue they cant access the portal.

 

Can we push them into a different role using their MAC for authentication?

 

Thanks

MVP
Posts: 4,307
Registered: ‎07-20-2011

Re: Captive Portal Bypass - ClearPass

Can we push them into a different role using their MAC for authentication?
Yes you can
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Aruba Employee
Posts: 508
Registered: ‎02-19-2015

Re: Captive Portal Bypass - ClearPass

Hi,

 

Instead of web auth service use mac auth service to acheive MAC authentication.

 

Regards,

Pavan

Guru Elite
Posts: 8,754
Registered: ‎09-08-2010

Re: Captive Portal Bypass - ClearPass

Please explain your desired workflow. How would we get their MAC address if they're not going through a registration process?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I
Posts: 31
Registered: ‎08-04-2014

Re: Captive Portal Bypass - ClearPass

Hi Tim

 

Workflow is as follows:

1. Device connects to existing SSID gets IP address.

2. Device gets put into new role based on User Defined Rule already configured based on MAC address.

3. New role has firewall policy 'allow all' assigned

4. Device access internet.

 

I have configured the UDR but the device is staying in the pre-auth role which forwards it to the captive portal. I guess I'm slightly confused with how the flow should be.Thanks

Guru Elite
Posts: 8,754
Registered: ‎09-08-2010

Re: Captive Portal Bypass - ClearPass

You shouldn’t use UDRs if you’re using ClearPass. Use the Device Registration portal in ClearPass for any MAC address overrides (Guest Device Registration).

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I
Posts: 31
Registered: ‎08-04-2014

Re: Captive Portal Bypass - ClearPass

Oh OK, I was going by some previuos posts.

I'll try the ClearPass config and let you know.

Contributor I
Posts: 31
Registered: ‎08-04-2014

Re: Captive Portal Bypass - ClearPass

I take it the Guest Device Portal you mean in the Guest Module - 'Create Device', which I've done and assigned it a Role.

However the device is still trying to do Web Auth according to the Access Tracker and only the once. I've also added the mac to the existing mac auth service, but still cant get it to bypass.

Guru Elite
Posts: 8,754
Registered: ‎09-08-2010

Re: Captive Portal Bypass - ClearPass

Ignore the WebAuth. It's only generated on initial device registration. Do you have MAC authentication enabled and the ClearPass server group defined in your AAA profile?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I
Posts: 31
Registered: ‎08-04-2014

Re: Captive Portal Bypass - ClearPass

Yes thats all in there, but the initial problem is that the iPhone is attempting to put that traffic into its VPN and tunnel it.

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: