Security

Here is the situation.

Cisco WLC with version 7.6 and ClearPass 6.5.1

Cisco WLC wlan is setup with mac filtering and on mac failure redirect to external we server.

Pre-Auth ACL is to only allow http and https access to the ClearPass server.

 

When a device connects, it attempts MAC authentication and is rejected since it's a new device.

This is working as intended.

The user opens a browser and types in www.google.com

The browser is intercepted and redirects to a ClearPass captive portal

The User logs in and is authenticated successfully.

Here is the problem area. The User is never redirected to the original URL but is sent to something like this:
https://clearpassserverip/guest/www.google.com

The user receives a 404 error and never makes it to google. 

Has anyone else experienced an issue similar to this?

 

Andy Clelland

Structured Communication Systems, Inc.

ACMP, ACCP

Has anyone else seen this behavior?

 

Andy Clelland

Do you have the following:
- Controller Initiated selected in the guest registration page NAS Vendor settings > Login Method
- Select Cisco Systems as the Vendor
- Uncheck require HTTPs under Home » Configuration » Authentication
And see if that works

Thank you Victor, the only piece I don't have setup is unchecking require HTTPS. I'll give that a try to see if that helps at all.

 

Andy Clelland

aclelland did that solve it for you?

Please paste the initial redirect URL from Cisco to CPPM. It should have a clear 'url' attribute.  Ensure that attribute is fully qualified with 'http://' otherwise it will link as a relative address.  If you have a fallback destination in the login setup ensure it is fully qualified as well otherwise the same situation occurs.