01-12-2015 04:10 AM
Last week, I ran into an issue I'd not seen before.
The end-user's Clearpass version is 220.127.116.11038. It's a global setup, so upgrading is a bit tricky for the time being.
The Clearpass subscriber in use in this case, is in the UK HQ, as are a pair of 7000 series controllers. The (Clearpass) Guest service works perfectly in this site.
Last week, we added a controller at a nearby factory site, as a local of the master in the HQ, and enabled the guest VAP on it (AP groupings etc). Initially, this was driving the guests out of a broadband circuit at the factory. At this point, I couldn't get the guest registration page to render in the browser. A packet capture of the session on the guest, seems to show responses from Clearpass stating "Unrecognized Name". See attached screenshot.
I'm not sure what could cause this message, but I tried a quick follow on test to rule some things out. Literally all I did next, was change the local controller (at the factory), so that it sent guest traffic into a GRE tunnel to the master in the HQ (on the guest VLAN there). Having done this, it works as expected. Note, I changed no profiles in the VAP to achieve this.
We know you can reach the Clearpass guest reg pages directly off the factory broadband circuit directly, as we did a test for this.
Any ideas gratefully received!
01-12-2015 05:10 AM
If so do you have a public SSL cert for the ClearPass HTTPS ?
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
01-12-2015 05:16 AM
It is HTTPs, and the cert is publicly signed.
At the HQ end, it was tested extensively with loads of browsers an client OS types to be sure.