Security

Reply
Occasional Contributor II

Is it possible to deploy clearpass guest on an Aruba controller without PEFNG licenses?

Just curious if this is even possible.

 

I am in the process of deploying, and found out the client has no PEFNG licenses.  I cannot use User Roles since the PEFNG is required for that.  I have the re-direct working, but it looks like it never passes on anything other than a MAC Auth to the clearpass server.

 

Thanks.

Aruba Employee

Re: Is it possible to deploy clearpass guest on an Aruba controller without PEFNG licenses?

Yes, this is definitely possible.

 

Did you configure the RADIUS server for the L3 Captive Portal Profile to point to ClearPass and enable User Login on the Captive Portal Profile?

 

Thanks,

Zach Jennings
Guru Elite

Re: Is it possible to deploy clearpass guest on an Aruba controller without PEFNG licenses?

Yes. Does your MAC-auth service fail through to return the guest-login role?


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Aruba Employee

Re: Is it possible to deploy clearpass guest on an Aruba controller without PEFNG licenses?

I think what Tim means here is that your MAC Caching service should be deny access by default so that the guest user gets the default AAA profile (Captive Portal profile) when they first connect.

 

So, you should see MAC Auth failure on the first connection attempt.

 

Thanks,

Zach Jennings
Occasional Contributor II

Re: Is it possible to deploy clearpass guest on an Aruba controller without PEFNG licenses?

I configured the layer 3 portal and it does redirect me to the page.  The whole flow on the guest side of clearpass looks fine.  I never see any other entry in Access tracker after submitting though.

Aruba Employee

Re: Is it possible to deploy clearpass guest on an Aruba controller without PEFNG licenses?

And you checked that User Login was enabled in the Captive Portal profile?

 

Thanks,

Zach Jennings
Occasional Contributor II

Re: Is it possible to deploy clearpass guest on an Aruba controller without PEFNG licenses?

That is correct, I get a MAC Auth failure first.

Occasional Contributor II

Re: Is it possible to deploy clearpass guest on an Aruba controller without PEFNG licenses?

correct, it has user login checked.

Aruba Employee

Re: Is it possible to deploy clearpass guest on an Aruba controller without PEFNG licenses?

Ok, that looks good.

 

What about the Server Group for that Captive Portal profile?

 

Screen Shot 2015-04-22 at 3.32.17 PM.png

Thanks,

Zach Jennings
Occasional Contributor II

Re: Is it possible to deploy clearpass guest on an Aruba controller without PEFNG licenses?

It points to the Clearpass server group, and the clearpass server is in that group.

 

I have also tested the Server group itself with an 802.1X SSID point to it. 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: