Security

Dear Sir

 

Now I config cisco switch to authen wire port with MAB ,

I success till to redirect Captive web from Clearpass to client which's unknow mac-addr.

But he can not complete to success authen with Clearpass's web auth, of course usrname/password for account login it was right.

I think it maybe issue from "Login Method" in the Page setup of CP, So I tried to change to "Server-initiated'  but still not success to authen , and the error message appear " Required parameers unavailable"

Please help !

That means the switch is not passing the MAC address in the redirect URL.
What version of IOS is the switch running?

Dear Cappalli

 

BOOTLDR: C2960S Boot Loader (C2960S-HBOOT-M) Version 12.2(55r)SE, RELEASE SOFTWARE (fc1)

Dear Cappilla

 

From my understood, user should be directly authenticate with CP , then CP will enforcement by Update his mac-addr to endpoint repository and send CoA to switch cisco.

When client reconnect again (cause by CoA) , he will immediately suucess authen with MAC Authen.

Refer Pages > Web Logins  , I try to use Controller-initiated or server-initiated,

but both  not work  or even tried to select "vendor setting = Captive portal with Clearpass Web Auth"

, it also not work.

But I would like to know What exactly should be select ?

 

Dear Jateairhead,

 

i have a same setup where i have to do web auth for wired users, i am enable to redirect the use to captive portal page, can u help with the config the cisco switch and cppm ...

 

 

Hi

 

Follow step with my attached file , Definitely work.

I have configured the cisco switch and the cppm, i am able to get the web auth page for client but i am not able to authenicate with the user created. i am attaching the access tracker log and the screen shots of service created for 802.1x on cppm along with the cisco switch config.

 

does the configuration on cisco switch should be done on core switch or the acess switch ?

please help..... :)

 

The config should be done where you are expecting the wired devices to connect which is usually on an Access Switch

You need to create a Web-based Authentication service and a Mac Auth service , based on the screenshot from Access Tracker is not matching any service

Are you working with an Aruba partner ?

I have created both  the web auth and the mac auth which are in attachments file.

 

we are regestered aruba partner..

Did you configured the captive portal page to use Cisco as the vendor and server-initiated login method ?

Yes i did configure those settings, please see the screen shot below.

Under "Pre-Auth Check" you should select "None"

That's why is not matching the web auth service since you selected "AppAuth" option

Perhaps this how to guide can help you.

 

I did have the same issue, but the Technotes from Aruba did not help me on this issue. I toke some time to figure it out with the web application part - in this case "Server-Initiated" with no "pre-check" and the enforcement policy is "WebAuth". The service rule is "Web-based Authentication". Not the most easiest configuration ;-)