01-23-2015 01:41 PM
Checking to see if anyone else has seen this type of issues with Cisco WLC & Clearpass guest:
I have setup an open guest wlan on a Cisco WLC with Layer2 mac-filtering , Layer3 Web Policy/"On Mac failure" pointing to external ClearPass captive portal.
I used the templates to create the 2 services,
-one with mac authentication accept if exists, reject if doesn't exist
-WLC receives reject and sends user to Clearpass portal page to accept terms.
-CPM radius reject delay is set to 0
-The first time a user connects, the clearpass portal appears
-user accepts terms,
-instead of gaining access the Cisco internal web auth page appears.(no attributes set on endpoint)
-user refreshes the browser, the Clearpass screen appears.
-user accepts terms and gains access (attributes are set on endpoint)
This can easily be reproduced. I've opened a Cisco TAC but waiting to work on it with them.
01-23-2015 02:28 PM
Which attributes are you trying to use ?
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
01-23-2015 03:02 PM
The templates set 2 attributes:
Guest Role ID
Username(which, in this case is the same for all guest because just accepting a policy)
There isn't an error, other than the reject when the user is connecting the first time and mac address isn't cached already.
To do a retest, we just clear the 2 attributes and can reproduce the problem.