Regular Contributor II
Posts: 207
Registered: ‎09-11-2013

Clearpass and Juniper controller

Hi All,

 

I have CPPM 6.3. My wireless is Juniper and the controller is Juniper 880R running code 8.0.3.

When I create a new SSID for guest, point it to the web portal I created on CPPM, and have a machine connect to that SSID, the connection is successful (VLAN working fine) and it gets an IP from the guest subnet, but it fails to redirect anywhere!!

I get "requested server not found due to DNS timeout"

When I connect to any other SSID on the network and I navigate to my CPPM web portal, I can go there with no issues.

On the Juniper controller, by default there is an access list that works for the guest SSID to only allow UDP BOOTP client port 68 to destination BOOTP server port 67. Unfortunately this ACL does not work with CPPM. I assume that the CPPM BOOTP server port is not 67!!

 

Any help is really appreciated.

 

 

 

Regular Contributor II
Posts: 207
Registered: ‎09-11-2013

Re: Clearpass and Juniper controller

I called support on this and they weren't that helpful. For some odd reason they told me that I need an Aruba controller with a valid support contract in order for them to help me!! I find this odd because there is no Aruba controller involved in the setup; it is Juniper and ClearPass. They emailed me a list of ACLs that are usually on AOS for ClearPass traffic. I wasn't able to make sense of these ACLs because I'm on a Juniper controller.

 

Still waiting for some input.

MVP
Posts: 1,392
Registered: ‎11-30-2011

Re: Clearpass and Juniper controller

Not sure if you still have this issue, but I would just contact support again and provide your ClearPass serial number and explain this issue again.

 

For the rest, it sounds like you need to modify your ACL to allow DNS and HTTP(S) to the ClearPass.
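
The following is an added example, not part of any post in this thread and not Juniper or ClearPass configuration syntax. It models a guest pre-authentication ACL as a generic first-match rule list with an implicit deny and checks which flows a guest needs are dropped; the addresses `PORTAL_IP` and `DNS_IP` and all function names are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed placeholder addresses (assumptions, not values from the thread).
PORTAL_IP = "192.0.2.10"   # ClearPass guest portal
DNS_IP = "192.0.2.53"      # resolver handed to guests by DHCP

def rule(proto, dst, dport, action="permit"):
    return {"proto": proto, "dst": ip_network(dst), "dport": dport, "action": action}

# Default guest ACL as described in the first post: DHCP (BOOTP) only.
DEFAULT_ACL = [rule("udp", "0.0.0.0/0", 67)]

# Amended ACL per the last reply: add DNS, plus HTTP(S) to the portal only.
AMENDED_ACL = DEFAULT_ACL + [
    rule("udp", DNS_IP + "/32", 53),
    rule("tcp", DNS_IP + "/32", 53),
    rule("tcp", PORTAL_IP + "/32", 80),
    rule("tcp", PORTAL_IP + "/32", 443),
]

# Flows an unauthenticated guest needs before it can reach the login page.
REQUIRED_FLOWS = [
    ("dhcp", "udp", "255.255.255.255", 67),
    ("dns", "udp", DNS_IP, 53),
    ("portal-http", "tcp", PORTAL_IP, 80),
    ("portal-https", "tcp", PORTAL_IP, 443),
]

def evaluate(acl, proto, dst, dport):
    """First matching rule wins; anything unmatched hits the implicit deny."""
    for r in acl:
        if r["proto"] == proto and ip_address(dst) in r["dst"] and r["dport"] == dport:
            return r["action"]
    return "deny"

def blocked_flows(acl, flows=REQUIRED_FLOWS):
    """Names of required flows that the ACL does not permit."""
    return [name for name, proto, dst, dport in flows
            if evaluate(acl, proto, dst, dport) != "permit"]

if __name__ == "__main__":
    print("default ACL blocks:", blocked_flows(DEFAULT_ACL))
    print("amended ACL blocks:", blocked_flows(AMENDED_ACL))
    # Guests must still be refused everything else before authenticating.
    print("other host:", evaluate(AMENDED_ACL, "tcp", "198.51.100.7", 443))
```

With the DHCP-only rule set, the client gets an address but DNS is dropped, which matches the "DNS timeout" symptom in the first post. The amended list stays narrow by permitting HTTP(S) only to the portal address.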
