Security

Reply
Occasional Contributor II

Clearpass Guest Captive Portal service configuration for Aruba 2530 Switch

Hi,

I would like to configure the clearpass captive portal on a Aruba 2530 Switch. i found a guide in the "HPE ArubaOS-Switch Management and Configuration Guide for YA/YB.16.03" Page 202 . But i can`t get a serviceconfiguration on clearpass policymanager for this guest service. I need to create a Service under "Clearpass  Policymanager" Services, which pushes the redirect Policy to the Switch, when a gusts connects to a switchport.

Thanks

 

Guru Elite

Re: Clearpass Guest Captive Portal service configuration for Aruba 2530 Switch

Your MAC Authentication service should return HPE-User-Role and HPE-Captive-Portal-URL VSAs for unknown users.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Clearpass Guest Captive Portal service configuration for Aruba 2530 Switch

How should the policy look like for unknown users ? i always get a reject for the mac authentication on clearpass.

I`ve attached screenshots of my clearpass configuration

Guru Elite

Re: Clearpass Guest Captive Portal service configuration for Aruba 2530 Switch

You need to use Allow All MAC Auth as your auth method and set your captive portal user-role as the default profile for your enforcement policy.

 

aos-s_mac-auth_enforcement-policy.png

 

aos-s_role_splash.png


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Clearpass Guest Captive Portal service configuration for Aruba 2530 Switch

HI, Thank you for the Update, i`ve got now a working redirect. But my Authentication rule for registered guests doesn`t work. i`ve attached screenshots of my configuration, thanks

Guru Elite

Re: Clearpass Guest Captive Portal service configuration for Aruba 2530 Switch

Can you elaborate on “doesn’t work’?
Can you post screenshots of the access tracker request tabs.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Clearpass Guest Captive Portal service configuration for Aruba 2530 Switch

Hi,

the service, i`ve created doesn`t match, after my login with a guestaccount on the portalpage, only the Service "wired mac" matches (i`ve attached a screenshot of my services). the Service "Wired GAST_MAC User Authentication with MAC Caching" should match. But maybe the Service ist not correctly configured..

Guru Elite

Re: Clearpass Guest Captive Portal service configuration for Aruba 2530 Switch

Can you post screenshots of the access tracker request tabs?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Clearpass Guest Captive Portal service configuration for Aruba 2530 Switch

HI, here`re the screenshots of the accesstracker.

I `ve created a guestvoucher on clearpass guest, and connectet a notebook to the auth ports, get the redirect to the clearpass guestporatal, and insert my guest testaccount. The name of the testguest is "werner@test.de" But i have no service, which matches for webauth. And i have no idea, how does the service for the webout should look like... Thanks

Guru Elite

Re: Clearpass Guest Captive Portal service configuration for Aruba 2530 Switch

Have you reached out to your Aruba ClearPass partner?

 

Create a new "Web-based Authentication" service.

Host	CheckType	EQUALS	Authentication
Connection	Src-IP-Address	EQUALS	127.0.0.1

Use the Guest User Repository as the authentication source.

Use [Guest Roles] for role mapping.

Create an enforcement policy with a rule that uses the CoA Bounce Host port and also create an enforcement profile to update the endpoint attributes.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: