Security

Reply
Contributor II
Posts: 46
Registered: ‎06-19-2015

ClearPass Guest Self-Registration Page Returns

I am being told of a very odd issue at only one site (we have CP deployed as a main server that supports multiple sites) where a user attempts to connect to our guest SSID which then presents them with the ClearPass Self-Registration Page where they fill in their details and click Continue, then it automatically authenticates them, and at this point it is supposed to pass them onto the Internet....But it is simply returning to the Self-Registration Page and never gets them onto the Internet. 

I think I have seen this before, but I cannot figure out what might be causing this. 

I have looked at the local controller and the VAP and AAA profiles set up for the guest network and they are exact copies of other sites where the guest network is working. I have checked Radius and determined that the local controller is in fact in the Radius server. I have checked ClearPass and verified that the local controller is in the ClearPass server in Devices as well. 

Anywhere else I might want to start looking to figure out what's causing this?

MVP
Posts: 4,012
Registered: ‎07-20-2011

Re: ClearPass Guest Self-Registration Page Returns

You can take a look at a couple of things:

- Look for the the device mac address in the Access Tracker and see if you find anything related to authentication failure

- Make sure that the ClearPass server group is in the Layer 3 Captive Portal Profile.

- Make sure that the radius pre-shared key is correct in the controller and clearpass.

- Are you enforcing under the Enforcement Policy that only a certain amount of devices per user are allowed ?

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor II
Posts: 46
Registered: ‎06-19-2015

Re: ClearPass Guest Self-Registration Page Returns

I was not seeing any authentication attempts, so I removed it from the Devices list and then re-added it back by using a copy of a known good client and now it is working. Thank you! 

Aruba
Posts: 1,279
Registered: ‎08-29-2007

Re: ClearPass Guest Self-Registration Page Returns

If it was an incorrect shared key you'd see that in the event viewer.

 

I saw this another time during the early stages of a deployment. Client could register and you'd see it in access tracker, but wouldn't get put into the correct role and the potal page would show again. Turns out it was a routing issue and the radius response wasn't getting back to the controller (the radius traffic can take a different path to the client captive portal traffic). Not the same issue you had, but symptoms the same.....something else to look out for.

 


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Search Airheads
Showing results for 
Search instead for 
Did you mean: