Security

Reply
New Contributor
Posts: 4
Registered: ‎06-03-2016

Clearpass Guest Login Page Config Question

[ Edited ]

Hi Everyone,

 

This is my first post and I am only about 2 weeks into my Aruba setup. I work for a large enterprise with 10000+ Cisco APs and we are switching to Aruba.

 

We are currently using Cisco ISE as a radius server for wireless clients. I want to use Clearpass as a webserver for my guest login page, but send the radius request to ISE to authenticate the users.

 

Can someone help me with the configuration on the Clearpass server for this? I have a certificate on the Clearpass server to avoid "untrusted cert" warnings... and I have captive portal confgured on my guest SSID on my master. I am having a hard time finding the right combination of settings on Web Login config page inside clearpass. Which vendor settings should I use and what do I need to put in those fields?

 

 

Sorry if im asking some noob questions, im new to this Aruba stuff :)

Guru Elite
Posts: 20,373
Registered: ‎03-29-2007

Re: Clearpass Guest Login Page Config Question

You should probably open a case with TAC for integration between ISE and ClearPass, because your advice would depend on your desired implementation.  Typically, you would just use ClearPass to interface with your domain to use Radius, and not forward anything onto ISE, as you would lose alot of attributes needed to make decisions.  http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/ClearPass-Data-Management-interface-security/m-p/272463

 

In general, if you insisted on using ClearPass in front of ISE, you would use radius proxy, which would make things more complicated, IMHO.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 4
Registered: ‎06-03-2016

Re: Clearpass Guest Login Page Config Question

Thanks Colin,

 

The eventual goal is to move to Clearpass away from ISE, however, for right now, im being told to set it up the way I described.

Search Airheads
Showing results for 
Search instead for 
Did you mean: