06-12-2016 06:11 AM
i have an aruba mobility controller with ClearPass Policy manager. we configured a number of SSIDs that uses captive portals from the CPPM. however, we needed an SSID that uses the controller's internal captive portal. se we have left the default configuration of the captive portal profile for this SSID.
the problem is that the SSID redirects the clients to the CPPM welcome page.
Securelogin.arubanetworks.com redirects me to the Clearpass. can you please help me.
06-13-2016 01:45 AM
Please provide me the following information:
1. What is the role assigned to the client when it connects to the SSID ?
2. Does this role has the correct captive portal profile (internal captive portal) mapped to it?
Please share the name of the captive portal profile which uses internal page & the following output.
1. Aruba# show rights <name of the role assigned to the client>
Client will get the portal page based upon the captive portal profile mapped to the role that it gets.
We need to ensure that the role has the correct profile mapped. In case, you are using the ssame role for different SSID's that will cause a conflict.
06-13-2016 04:18 AM
A user would get that page if the https page in the Captive Portal Authentication Profile (on the controller) is pointing at the admin page of ClearPass, instead of a guest page. It looks like the guest is being redirected to the admin page, or the path to the guest page has been entered wrong.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
06-13-2016 06:22 AM
Please share the results for the following :
1. show aa authentication captive-portal Test-cp_prof
2. What is the result of nslookup to securelogin.arubanetworks.com when the user is placed in
3. Did you made changes to default Captive portal ACL's ?
The following ACL's are the default ones.
Priority Source Destination Service Application Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6 Contract
-------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------ --------
1 user controller svc-https dst-nat 8081 Low 4
2 user any svc-http dst-nat 8080 Low 4
3 user any svc-https dst-nat 8081 Low 4
4 user any svc-http-proxy1 dst-nat 8088 Low 4
5 user any svc-http-proxy2 dst-nat 8088 Low 4
6 user any svc-http-proxy3 dst-nat 8088 Low 4
Please check the ACL's which are hit when you get redirected to CPPM page :
show acl hits role <name of role>