Security

Reply
Highlighted
Frequent Contributor I

IAP and CPPM guest access not authenticating

Hi

 

setup :

 

IAP

CPPM

 

Both latest versions.

 

I have a working setup btw where we also use 72xx controllers in combination with the same CPPM for a guest access portal.

 

Goal : reproduce the setup available on the controllers on an IAP

 

Only remaining issue i currently have for the guest portal is the following...  I can connect to the IAP guest ssid, go to the CP guest authentication portal.  But after authenticating i always get the same authentication portal again.  I would expect some error to show up in CPPM Tracker, but nothing...

 

As a reference, on the 72xx controllers this all works perfectly.  So i am authenticating with the correct credentials etc...

 

On the IAP i see in the AP show log :

 

Aug  3 07:36:48  tinyproxy[1759]: Closed connection between local client (fd:9) and remote client (fd:11), user 172.18.1.189(8c:70:5a:10:89:24) on 'deme-guests-test', user_authenticated=0
Aug  3 07:36:49  mini_httpd[4771]: handle_request: 2064: got nothing, child exit after 0 requests
Aug  3 07:36:50  syslog: main, 2634: opcode is show
Aug  3 07:36:50  mini_httpd[4775]: handle_request: 2064: got nothing, child exit after 0 requests
Aug  3 07:36:54  mini_httpd[4777]: handle_request: 2064: got nothing, child exit after 0 requests
Aug  3 07:36:57  mini_httpd[4778]: handle_request: 2030: SSL_accept fail, child exit after 0 requests parse error on header

I guess here user_authenticated=0 means fail?  But why...?

 

I added the IAP device to CPPM, and also added the ssid to the allowed list of Aruba-Essid-Name.  So no problem there.

 

I'm not seeing any further errors.  Any hints?

Re: IAP and CPPM guest access not authenticating

Are you certain there is no entries in the Access Tracker or the Audit Trail? If the client is being rejected by CPPM then there would be an access tracker log. Connectivity from the IAP to the CPPM appears to be okay as you can see the Captive Portal. 

What result do you get in you send a #aaa test-server from the IAP, do you see this appear in the Access Tracker?

ACMA, ACMP
If my post addresses your query, give kudos:)
Frequent Contributor I

Re: IAP and CPPM guest access not authenticating

Apologies for the late reply.  Everybody likes the solution.  So cause was a firewall in between IAP and Clearpass appliance which was not allowing radius trafic.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: