Security

Reply

Clearpass Guest w/ Mac Auth with failover to Captive portal w/ mac caching

I have a deployment where I am using CPPM guest to connect users through a captive portal (username/password based stored in CPPM guest)

Controllers are using 6.5.1.2 (I have AP-305s) configured in master-redundancy using HA fast failover w/ state sync

 

SSIDs are WPA2-PSK

Default mac auth profile on the AAA profile.

 

The CPPM services are as follows and in order top-bottom

 

I have a deployment where I am using CPPM guest to connect users through a captive portal (username/password based stored in CPPM guest)

Controllers are using 6.5.1.2 (I have AP-305s) configured in master-redundancy using HA fast failover w/ state sync

 

SSIDs are WPA2-PSK

Default mac auth profile on the AAA profile.

 

IT WORKS fine with every device but Apple devices. They don't like the MAC auth and it fails constantly...

 

I know I am going to need to provide more information but let me know what you need if you guys want to help me out..

 

 

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]

Re: Clearpass Guest w/ Mac Auth with failover to Captive portal w/ mac caching

Were you going to paste your services into the post? Looks like you copied and pasted some of you post rather than the services.
Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
MVP

Re: Clearpass Guest w/ Mac Auth with failover to Captive portal w/ mac caching

When you say fails - how does this show in Access Tracker? Reject, Timeout, nothing?

Could it be some 802.11k/r issue?


Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!

Re: Clearpass Guest w/ Mac Auth with failover to Captive portal w/ mac caching

It would show up as a mac Auth fail but Auth trace buff would show only key 1 of the 4 way handshake being sent. Have a case open, waiting on engineering at this point. No 802.11k/r.
Ended up being basically all devices not just apple.

Disabling the mac Auth profile on the controller would allow me to enter the psk and get on. It just would not classify the service on cppm anymore. So that's where I am now.

Waiting on tac
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: