Security

Reply
Occasional Contributor I
Posts: 5
Registered: ‎08-29-2016

ClearPass/Captive Portal process

We are installing a ClearPass server to perform Captive Portal and authentication.  How does the external server change the captive Portal process at the controller?  Does the controller still need a failed DNS query to inject the correct IP address for the client, or will a valid DNS query for the external URL work?  I understand how to configure the controller, I just want to understand what is going on "behind the scenes."

Guru Elite
Posts: 21,287
Registered: ‎03-29-2007

Re: ClearPass/Captive Portal process

You will need a functioning DNS server if you are to redirect a client that types in a www address.  Everything is the same as it was with the controller.  Please see the ASE solution here:  https://ase.arubanetworks.com/solutions/id/3 for more details.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 5
Registered: ‎08-29-2016

Re: ClearPass/Captive Portal process

This does not answer my question.  With controller-based captive portal, the process requires a NXDOMAIN message from a name server in order for the controller to inject its own IP address into the message and send that back to the client.  Does a similar process happen when using external captive portal/clear pass, or does the client get a valid IP from a DNS server after being redirected by the controller?

Guru Elite
Posts: 21,287
Registered: ‎03-29-2007

Re: ClearPass/Captive Portal process

[ Edited ]

chmiii wrote:

We are installing a ClearPass server to perform Captive Portal and authentication.  How does the external server change the captive Portal process at the controller? 

 

Does the controller still need a failed DNS query to inject the correct IP address for the client, or will a valid DNS query for the external URL work?  I understand how to configure the controller, I just want to understand what is going on "behind the scenes."


- The external server process is not much different from controller-based version.  The main difference is that the "Login Page" parameter in the Captive Portal Authentication Profile on the controller redirects to the ClearPass Page, instead of a URL located on the controller.

 

 

Please see the attached ArubaOS Guest Appnote for a detailed description of the Captive Portal Authentication Process.  If I do not attach this, I will end up just copy and pasting parts of it into the thread here.

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 5
Registered: ‎08-29-2016

Re: ClearPass/Captive Portal process

[ Edited ]

 


cjoseph wrote:

...The main difference is that the "Login Page" parameter in the Captive Portal Authentication Profile on the controller redirects to the ClearPass Page, instead of a URL located on the controller.

I understand this, and I understand the controller-based process as laid out in the App Note.  Unfortunately, both of these are missing the nugget of information that I need...Do I need a DNS entry for my ClearPass Page in order for the client to get the correct IP address when it is redirected, or does the controller insert the ClearPass IP address (instead of its own) when it receives the NXDOMAIN message back from a name server?

 

Edit:  Sorry for the duplicate below.

Occasional Contributor I
Posts: 5
Registered: ‎08-29-2016

Re: ClearPass/Captive Portal process

 


cjoseph wrote:

...The main difference is that the "Login Page" parameter in the Captive Portal Authentication Profile on the controller redirects to the ClearPass Page, instead of a URL located on the controller.

I understand this, and I understand the controller-based process as laid out in the App Note.  Unfortunately, both of these are missing the nugget of information that I need...Do I need a DNS entry for my ClearPass Page in order for the client to get the correct IP address when it is redirected, or does the controller insert the ClearPass IP address (instead of its own) when it receives the NXDOMAIN message back from a name server?

 

Guru Elite
Posts: 21,287
Registered: ‎03-29-2007

Re: ClearPass/Captive Portal process

The client needs to be able to resolve the clearpass server's DNS name, yes.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 5
Registered: ‎08-29-2016

Re: ClearPass/Captive Portal process

Thank you. That's what I need.
Search Airheads
Showing results for 
Search instead for 
Did you mean: