Security

Hi,

I am facing one issue with captive portal redirection. I am using the clear pass for guest internet access. I have IAP204/205 at edge site. They are configured for guest SSID with captive portal from Clearpass server.

The initial problem was captive portal redirection was not happening for Internet Explorer but it was working on with Chrome and Mozilla. I tried different IE version but result was the same.

I was using the port 80 for captive portal in IAP configuration under captove portal profile. I have change the port from 80 to 443 in IAP. That has resolved the redirection issue. But started another issue. If I use the Clear Pass IP then captive portal is opening properly but if I use the hostname then captive portal is not opening. I initially thought it was DNS problem but when I ping the hostname, it is resolving tp correct IP. I also tried to add local hostfile entry into machine but no luck. I also give the full access to clear pass server in access configuration on IAP but still the same.

Do you think it could be issue with certificate or any configuration on clearpass which I have to enable for it to work? I do have verisign certificate for that hostname which is also installed on Clearpass server.

Niren

Log on to your guest network and check you are getting the correct pre-auth role from the IAP and that DNS queries are allowed to your DNS servers in this role.

On the client run 'nslookup <hostname>' where <hostname> is the name in the captive-portal redirect. Ensure you specify the host exactly as defined in the profile. Does the nslookup return the correct IP?

If yes then it is not a DNS issue.

Does your client have a proxy configured or using an auto-proxy set-up??

Do you have proxy bypass configured for IP addresses but not the hostname???

Thanks for reply. There is no issue with DNS as it is resolving to correct IP via nslookup. Alos tried to put local host file entry on client machine from where I am testing.

There is no proxy configuration in browser.

Do we have to do any addtional configuration in clearpass if we use the port 443 in IAP configuration for captuve portal? The same thing is working if I use the port 80 in IAP for captive portal but issue with that port configuration is that it is not redirecting to captive portal in IE but rest of browsers are ok. 

Niren

i would do a packet capture with wireshark or with a browser plugin to see what kind of requests your browser tries to do and which replies it gets. what you see there will probably get you on the right track.