Security

Reply
Occasional Contributor I
Posts: 5
Registered: ‎03-08-2013

Cisco flex 7510 controller to use Clearpass guest web auth landing page

Hi

We have a mixed wireless environment, we have both Cisco and Aruba wifi infrustructure. For guest web authentication, currently Cisco controller (flex 7510

) using internal landing page ( within 7510 controller), the SSID that serve guest access is local switching,  we are trying to switch the guest web

authentication landing page from internal (( with Cisco controller)to external ( clearpass). my test failed in both http and https redirecting to clearpass

page, the landing page won't show up on client device.  the preauth ACL on Cisco WLC is as below:
     1 Any         0.0.0.0/0.0.0.0                 0.0.0.0/0.0.0.0           17     0-65535    53-53     Any Permit           0
     2 Any         0.0.0.0/0.0.0.0                 0.0.0.0/0.0.0.0           17    53-53        0-65535  Any Permit           0
     3 Any         0.0.0.0/0.0.0.0                 0.0.0.0/0.0.0.0            1     0-65535     0-65535  Any Permit         103
     4 Any         0.0.0.0/0.0.0.0               10.0.6.60/255.255.255.255    6     0-65535   443-443    Any Permit           0
     5 Any       10.0.6.60/255.255.255.255         0.0.0.0/0.0.0.0            6   443-443       0-65535  Any Permit           0
     6 Any         0.0.0.0/0.0.0.0               10.0.6.60/255.255.255.255    6     0-65535    80-80     Any Permit          50
     7 Any       10.0.6.60/255.255.255.255         0.0.0.0/0.0.0.0            6    80-80        0-65535  Any Permit           0
     8 Any         0.0.0.0/0.0.0.0                 0.0.0.0/0.0.0.0          Any     0-65535     0-65535  Any   Deny      181008

The same guest SSID works fine if using internal landing page with same clearpass server as radius server.
The same clearpass landing page works fine for client associated to Aruba APs.

Any ideas or suggestions?

Thanks

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: Cisco flex 7510 controller to use Clearpass guest web auth landing page

I don't think external captive portal is supported in FlexConnect mode.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I
Posts: 5
Registered: ‎03-08-2013

Re: Cisco flex 7510 controller to use Clearpass guest web auth landing page

Thank you very much Tim.

Did u have any documents about it ? If yes can you please send me a link. I checked Cisco web site and opend a TAC case , nowhere mentioned this?

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: Cisco flex 7510 controller to use Clearpass guest web auth landing page

Looks like support was added in 7.2.110. What version are you running?

 

http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/112042-technote-wlc-00.html


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I
Posts: 5
Registered: ‎03-08-2013

Re: Cisco flex 7510 controller to use Clearpass guest web auth landing page

8.0.110.0, yes, looks like supported.

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: Cisco flex 7510 controller to use Clearpass guest web auth landing page

I would post in parallel on Cisco's forums.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor
Posts: 4
Registered: ‎09-04-2015

Re: Cisco flex 7510 controller to use Clearpass guest web auth landing page

I'm working on my deployment now. I have a Cisco 5520 WLC, running 8.1.x code, in FlexConnect mode and ClearPass 6.5.3. I'm just getting started but have found this document that may help.

 

http://www.cisco.com/c/en/us/support/docs/wireless/flex-7500-series-wireless-controllers/113605-ewa-flex-guide-00.html

 

Patrick

 

 

Occasional Contributor I
Posts: 5
Registered: ‎03-08-2013

Re: Cisco flex 7510 controller to use Clearpass guest web auth landing page

Thanks patrick.

 

This works.

 

I also followed a document using ISE as external login server which explained similar configuration.

Search Airheads
Showing results for 
Search instead for 
Did you mean: