04-22-2015 12:05 PM
Just curious if this is even possible.
I am in the process of deploying, and found out the client has no PEFNG licenses. I cannot use User Roles since the PEFNG is required for that. I have the re-direct working, but it looks like it never passes on anything other than a MAC Auth to the clearpass server.
Solved! Go to Solution.
04-22-2015 12:07 PM
Yes, this is definitely possible.
Did you configure the RADIUS server for the L3 Captive Portal Profile to point to ClearPass and enable User Login on the Captive Portal Profile?
04-22-2015 12:08 PM
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
04-22-2015 12:15 PM
I think what Tim means here is that your MAC Caching service should be deny access by default so that the guest user gets the default AAA profile (Captive Portal profile) when they first connect.
So, you should see MAC Auth failure on the first connection attempt.
04-22-2015 12:22 PM
I configured the layer 3 portal and it does redirect me to the page. The whole flow on the guest side of clearpass looks fine. I never see any other entry in Access tracker after submitting though.
04-22-2015 12:39 PM
It points to the Clearpass server group, and the clearpass server is in that group.
I have also tested the Server group itself with an 802.1X SSID point to it.