Security

Reply
MVP
Posts: 992
Registered: ‎04-13-2009

Captive Portal Redirects to login after sucessful auth

Hi Guys,

 

Quick question, I hope.

 

I'm using a 7210 controller and 2 x CPPM devices.

 

Dell OS Version 6.3.1.10

Dell CPPM Version 6.3.4.65370

 

I've configured a guest SSID with a CPPM guest captive portal. The captive portal URL points to the DNS name which resolves to the Virtual IP address.

 

I've setup self registration but it's redirecting back to the captive portal login page after sucessful authentication.


I'm also using the CPPM Virtual IP as my RADIUS server for this SSID on the controller.

 

When I swap the portal URL to CPPM1 server and use CPPM1 as the RADIUS it works.

 

I need to do some more investigation before I say what I think is happening.

 

Can anyone tell me why this is happeninig?

 

Cheers

J

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
MVP
Posts: 4,301
Registered: ‎07-20-2011

Re: Captive Portal Redirects to login after sucessful auth

Do you have the VIP as your AAA radius server in your controller ?
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
MVP
Posts: 992
Registered: ‎04-13-2009

Re: Captive Portal Redirects to login after sucessful auth

Hi Victor,

Yes I do.
Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Aruba
Posts: 1,548
Registered: ‎06-12-2012

Re: Captive Portal Redirects to login after sucessful auth

Is COA enabled for the VIP as a RFC3576 in your controller

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
MVP
Posts: 520
Registered: ‎05-11-2011

Re: Captive Portal Redirects to login after sucessful auth

Well, if you're doing normal guest captive portal with Controller Initiated login then CoA doesn't come into account during this first login.

 

Since you have CPPM VIP I'm assuming this this a CPPM cluster setup using Publisher - Subscriber as Standby Publisher. Can you verify that the cluster is in sync and that your cppm1 is designated Publisher?

 

Any related entries in the Access Tracker and Event viewer you can share?

 

 

Other thoughts..

What you describe tho is a common scenario when Radius doesn't go through, is rejected due to missing/wrong Radius config (secret, wrong controller IP used as device etc), the correct service doesn't hit. 

-> Is there perhaps some firewall/access list denying Radius from Controller to the VIP?

 

Anything in the logs on the controller?

 

 


Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
MVP
Posts: 992
Registered: ‎04-13-2009

Re: Captive Portal Redirects to login after sucessful auth

The VIP appears to be associated with CPPM2 as when I browse to it I can clearly see that it's not the publisher I'm on.

 

CPPM1 is my designated publisher.

 

However when I look at the VIP settings it's telling me that the VIP is associated with CPPM1.

 

Here you can see the publisher is set to 002 which is CPPM1 with a .162 address

2014-09-03 09_48_16-ClearPass Policy Manager.png

 

Here you can see the VIP is associated with 002 (CPPM1) 

2014-09-03 09_49_49-ClearPass Policy Manager.png

 

When I browse tot he VPN you can see I'm not on the publisher!

2014-09-03 09_53_29-ClearPass Policy Manager.png

 

Thoughts?

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
MVP
Posts: 520
Registered: ‎05-11-2011

Re: Captive Portal Redirects to login after sucessful auth

Well - not anything good ;)

 

Check the VIP settings when logged on to the CPPM2. Verify that VIP settings show the same as on CPPM1.

Is this a production system or can you try some things like stopping/starting VIP service on both CPPM's, deleting VIP and re-establishing it.. Try pinging the VIP address at intervals when you do this to see if it stops responding when it should ;)

 

 


Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
MVP
Posts: 992
Registered: ‎04-13-2009

Re: Captive Portal Redirects to login after sucessful auth

I rebooted CPPM2 whilst pinging the VIP. The VIP stopped responding to pings till CPPM2 came back online.

 

service restart all on CPPM1 seems to have "woken" it back up.

 

The VIP appears to be working ok now.

 

Thanks Guys.

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
MVP
Posts: 520
Registered: ‎05-11-2011

Re: Captive Portal Redirects to login after sucessful auth

Great news!

If you don't mind me asking - is this a new installation so that there hasn't been any reboots after VIP and Cluster was established?

 

Just adding to my own "experience database" for future reference :)

 


Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
MVP
Posts: 992
Registered: ‎04-13-2009

Re: Captive Portal Redirects to login after sucessful auth

Actually it's still broken. Always seems to point at CPPM2 even though CPPM1 is up.

 

Also I just rebooted CPPM2 and checked the VIP which stopped responding to pings and it showed as not being assigned. 

 

Will call TAC. Dell TAC though. :(

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Search Airheads
Showing results for 
Search instead for 
Did you mean: