Security

Reply
Contributor I
Posts: 20
Registered: ‎01-23-2015

Clearpass guest captive portal, aruba wireless integration, controller access denied

I am trying to setup a guest access portal using Clearpass 6.4 and Aruba wireless controller 6.3.1.5.

 

I have been using the Aruba Wireless and ClearPass 6 Integration Guide v1.3. I have followed the guide and checked and re-done the setup several times.  But I still have the same issues.  The first is that I get a "too many redirect" errors from browsers so they can't get to the portal.  If I directly go to the guest login page I can register and then login in but I get redirected to the controller with an "Access Denied" error.

 

I'm not sure what I am missing, any help would be greatly appreciated.

MVP
Posts: 4,301
Registered: ‎07-20-2011

Re: Clearpass guest captive portal, aruba wireless integration, controller access denied

Make sure you add ClearPass server group under the Captive Portal Profile

2015-01-23 11_03_12-L3 Authentication.png

 

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor I
Posts: 20
Registered: ‎01-23-2015

Re: Clearpass guest captive portal, aruba wireless integration, controller access denied

[ Edited ]

That has been set.Screen Shot 2015-01-23 at 9.08.24 AM.png

Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: Clearpass guest captive portal, aruba wireless integration, controller access denied

[ Edited ]

drjogwa wrote:

The first is that I get a "too many redirect" errors from browsers so they can't get to the portal. 

 


Make sure you are allowing svc-http or svc-https to ClearPass in your logon role so that the captiveportal redirect ACLs don't capture that request.

 

For example:

 

netdestination CLEARPASS-SERVERS

  host x.x.x.x

 

ip access-list session ALLOW-CPPM
  user   alias CLEARPASS-SERVERS svc-http  permit
  user   alias CLEARPASS-SERVERS svc-https  permit

 

user-role  CPPM-LOGON

  access-list ALLOW-CPPM

  access-list logon-control

  access-list captiveportal

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: Clearpass guest captive portal, aruba wireless integration, controller access denied

[ Edited ]

Your login page only has an IP.  It needs the full URL to the page.  For example:  https://10.11.0.32/guest/logon.php

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Contributor I
Posts: 20
Registered: ‎01-23-2015

Re: Clearpass guest captive portal, aruba wireless integration, controller access denied

I have it setup this way.  I can connect directly to the https://10.11.0.32/guest/guest_register.login.php and it will load and work.  It just doesn't seem to redirect other sites to the login page.

Contributor I
Posts: 20
Registered: ‎01-23-2015

Re: Clearpass guest captive portal, aruba wireless integration, controller access denied

[ Edited ]

Sorry, I had changed it at the advice of one of the boards. 

 

I have it changed back with the same error.

 

Screen Shot 2015-01-23 at 9.15.26 AM.png

Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: Clearpass guest captive portal, aruba wireless integration, controller access denied

Does the controller have an IP Address on the VLAN that the guests are on?  This is required for captive portal redirects to work.

 

Also, what happens when you try to browse to http://1.1.1.1?   If this redirects properly, then you are looking at a possible DNS issue.

 

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Contributor I
Posts: 20
Registered: ‎01-23-2015

Re: Clearpass guest captive portal, aruba wireless integration, controller access denied

[ Edited ]

Yes, I do have an address on the controller in the same vlan as the guests.

 

If I browse to http://1.1.1.1 I get the same error.  If I browse to https://1.1.1.1 I get the certificate for securelogin.arubanetworks.com and if I accept it, then I get the same error.

MVP
Posts: 4,301
Registered: ‎07-20-2011

Re: Clearpass guest captive portal, aruba wireless integration, controller access denied

Make sure the Radius Shared Key matches on both sides
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
Showing results for 
Search instead for 
Did you mean: