Security

Reply

IAP + ClearPass - Guest Login Failing

We have multiple (20+) IAP clusters across the environment, all being managed by AirWave at this time. The guest network redirects the user to a captive portal registration hosted on ClearPass. After registration, the user clicks login and they get a page cannot be displayed or they get bounced back to registration. The login never gets submitted back to the VC and because of that I never get the login attempt in Access Tracker. I have tried multiple login settings including "securelogin.arubanetworks.com" with HTTP, and the VC's IP address with HTTP, but both same result. The same page is being used by another IAP cluster, with identical settings, and it is working. The working ones are IAP-105's and the not working are IAP-205's. The preauth user role allows DHCP, DNS, and HTTP/HTTPS access to ClearPass. There should be no firewall in between blocking. Dynamic RADIUS Proxy is enabled, as I see the MAC auth request first, which fails, before they get the registration page. 

 

Running short on ideas at this point, any suggestions?


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com

Re: IAP + ClearPass - Guest Login Failing

See if this solution helps
http://community.arubanetworks.com/t5/Wireless-Access/Aruba-Central-Splash-Page-not-working/m-p/300070#M71519

Get Outlook for iOS
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA

Re: IAP + ClearPass - Guest Login Failing

Is that option available in AirWave as well? Override Common Name? We have a wildcard certificate that I was able to upload to AirWave and apply for that VC as the Captive Portal Cert, I logged into ClearPass and updated the NAS Login to "captiveportal-login.company.com", still utilizing HTTP for the login, but I believe that should work to reach the device correct?


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com

Re: IAP + ClearPass - Guest Login Failing

We identified the issue. 

 

We have IAP-105's running 6.4.4.8 and IAP-205's running 6.5.0.0-4.3. Apparently sometime between those two versions, HTTP authentication does not work on the IAP-205's, but works fine on the IAP-105's. We uploaded a wildcard certificate to the Group of IAP-205's and changed the authentication on ClearPass to use HTTPS and it's working now. We are going to upload a server certificate to the IAP-105's to move them to HTTPS as well, but wildcard certs aren't supported on our current code version, as far as I know.

 

Thanks for the assistance.


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: