Security

Reply
Regular Contributor I
Posts: 166
Registered: ‎04-11-2011

Guest user to CPPM captive portal page access

I have the following scenario I'm trying to resolve but not sure it's even feasible.  I have several remote sites that have AP 135s provisioned as RAPs so that the corporate SSID and the guest SSID are bridged to the local LAN.  The guest SSID vlan is typically feed by a local cable or DSL modem.  I'm looking for a way to present these guest users a capitve portal page from clearpass.  I setup a user role that uses routing/src nat to get to the CPPM server.  This role works for ICMP traffic but I cannot get to the CPPM server using HTTP.  I'm guessing this is because of the logon and captiveportal ACLs.

 

Any suggestions or others who have this scenario?

Guru Elite
Posts: 8,755
Registered: ‎09-08-2010

Re: Guest user to CPPM captive portal page access

Captive portal is not available in bridge mode. You would need to use either
tunnel or split-tunnel.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Regular Contributor I
Posts: 166
Registered: ‎04-11-2011

Re: Guest user to CPPM captive portal page access

The forwarding mode of the VAP is set to split tunnel.

Guru Elite
Posts: 8,755
Registered: ‎09-08-2010

Re: Guest user to CPPM captive portal page access

You need an allow policy at the top of your user role. This will send that traffic down the tunnel.

 

User   Alias:CPPM servers   SVC-https   Allow


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 4,307
Registered: ‎07-20-2011

Re: Guest user to CPPM captive portal page access

[ Edited ]

EDIT:SO LATE

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
Showing results for 
Search instead for 
Did you mean: