Security

Reply

Re: Clearpass Guest - Self registration

Sorry don’t understand the workflow ...let me see if I understand.
Unknown or expired Mac caching connects and hits the Mac auth service (Mac auth failure)> then redirected and performs web auth and hits the web auth service (Mac caching is added to endpoint db ) then if the device reauth it should hit the same Mac auth service but different policy rule and using time source it determines if the device is allowed to the network if Mac caching hasn’t expired .

Why another Mac caching service ?

Get Outlook for iOS
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Highlighted

Re: Clearpass Guest - Self registration

Going to try and spin this up today out of curiosity.  Was intending to do over the holidays, but the festive season got the better of me. ;-)

 

Pasquale, can you send a screenshot of what you're returning in the initial mac-auth with the redirect please?  I tried here but it is not working for me.  My WLC is on an older version that I can't upgrade, which may have something to do with it.

 

Thanks

 


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294

Re: Clearpass Guest - Self registration

Back in the office tomorrow, the holidays were "tough" on the body here...back in full force tomorrow.
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]

Re: Clearpass Guest - Self registration

using version 8.3 for the WLC

Here is what I have (l am still playing with things so its a bit everywhere)

service_rule.PNGauth.PNGenforcement.PNGenf_profile.PNG

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]

Re: Clearpass Guest - Self registration

Yes, that is what I have here, but my redirect is not working.

My WLC is on 7.0.220.0 so maybe those AVPairs are not supported on that version.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294

Re: Clearpass Guest - Self registration

I can send you the firmware for 8.3 if you want ??

I am not using a vWLC though...I was initially but found a 2504 lying around.
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]

Re: Clearpass Guest - Self registration

Unfortunately my ap is an 1142N model and won't upgrade beyond the version I am on.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294

Re: Clearpass Guest - Self registration

I believe I managed to this to work, well at least 90% of it.

I will post more details when I get a chance....

Last step to figure out is after my "12 hour" session, I need to get redirected back to the portal (need to figure out some role mappings).
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]

Re: Clearpass Guest - Self registration

I'm curious to see how you've setup the cisco.  Are you using a conditional web redirect?  Any chance of some screenshots of the cisco?


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294

Re: Clearpass Guest - Self registration

Most definitely once I get the time to actually put something together, my intention was to write up a complete guide and post it on the forums as this has been a challenge but also fun.
Now, obviously there are other ways to get it done but this is how I got it to work with the help of a Clearpass SE.
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: