Contributor I
Posts: 33
Registered: ‎09-14-2011

MAC authentication for ClearPass Guest

Hi,

 

I'm trying to get a test VAP using ClearPass Guest captive portal with MAC caching.

 

I created a guest user and a web-login page in ClearPass Guest; using the controller, I changed the captive portal to the page I just created.

 

When I tried to log in to the captive portal it worked with no error and I see the login being accepted by ClearPass, but I get redirected to the ClearPass portal, and when I try another website I get the captive portal login back ....

 

The second problem, which I see in ClearPass, is that the computer tries to authenticate using its MAC address, but is always rejected because the policy cannot match the username.

 

ClearPass Policy Manager - MAC-error.png

ClearPass Policy Manager - MAC-alert.png

 

It seems to be failing to get the username even though it's clearly marked as the username being the MAC address.

Anyone seen this?

MVP
Posts: 4,301
Registered: ‎07-20-2011

Re: MAC authentication for ClearPass Guest

 

The initial MAC auth request is expected to fail if the MAC address hasn't been seen for the specified time (time cached) you configured in the enforcement policy.

 

Make sure that you have Accounting enabled on the AAA profile and that the key between ClearPass (Devices > Controller IP address > Shared Key) and the Controller (Radius Server > Shared Key) matches.

 

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor I
Posts: 33
Registered: ‎09-14-2011

Re: MAC authentication for ClearPass Guest

I know that the first auth is supposed to fail. I see the machine MAC being added to the endpoint database. But I can't find the MAC anywhere else; it doesn't show up in the guest device list.

 

I guess maybe the first part (web login) is the root of the problem. I configured 2 services, which added 3 services to my service page; see image below.

ClearPass Policy Manager - services.png

 

The web login service catches the guest user and password but it doesn't seem to add the client device to the guest database.

The MAC address caching service would cache the device, I guess, but it doesn't catch the web login. If I remove the web login service, the captive portal login fails with reason: could not categorize the service.

 

ClearPass Policy Manager - mac cache.png

 

My guess is that one of the services is misconfigured, but I don't know which one. Thanks for your help.
