Security

Hello Airheads,

we have a customer with Clearpass and Motorola controller and we are attempting to get the automatic NAS login working

on the final part of the guest process (when the guests get their receipt and hit login). Their account creation goes absolutely

fine but just falling at the last hurdle. In access tracker and event viewer there is no activity. Does anyone have any NAS login

config set up info for Motorola? cheers in advance Pete

Sounds like the NAS login is failing.

What settings do you have under the Self-Registration NAS Login section:

Vendor Settings

Login Method

IP Address

Secure login

Dynamic Address

hello David,

Under NAS Login

Enabled: ticked

Vendor Settings: Motorola

Login Method: Controller-initiated-Guest browser performs HTTP form submit

IP Address: <ip-address-of-the-Motorola-controller>

Secure Login: Secure login using HTTPS

cheers

Pete

and what about the Motorola controller?

Is the NAS IP address set to the same as the IP address specified under the NAS login?

David,

The NAS IP address entered under NAS Login on Clearpass is the IP address of the Motorola controller.

cheers

Pete

I just got this working for my own customer – I apologize I don't have the exact settings - I'm not at the customer site right now.  

In their case the Guest VLAN is completely isolated from production.  The Motorala controller had interfaces on both the Guest VLAN as well as internal.  Guests are directed to the Clearpass captive portal via the Internet - they go out the guest ISP and then back in via the corporate ISP and NAT into the captive portal.

Motorola was set up as a Radius client on clearpass using the internal address of the Motorola.

After much trial-and-error we found that we needed to configure the Motorola captive portal server mode to “centralized”  (*not* "centralized controller"), set to the IP address of the Motorola’s Guest  VLAN interface, and then set the captive portal URL (under the "web page") tab to point to Clearpass.  

We also had to muck about a bit and create "welcome" and "terms" html pages which we uploaded to the Motorola, but we could have just as easily put them on Clearpass under content, I suppose.

This is the url that is being passed to the Motorola controller when the guests are hitting the login button.

https://10.23.7.201:444/cgi-bin/hslogin.cgi

The ip address is the Moto controller.

Does this look right to you?

cheers

Pete

Hi Pete,

Did you manage to make it work? I am currently having the same issue.

Thank you!

hello Francois,

apologies for not getting back sooner.

We did get is working once we moved the Clearpass version on.

Once we got to 6.4 Clearpass we were able to get the solution working with a Motorola

controller. I do remember that it HAD to be https (http didn't) work.

Apart from that we ran with the default settings through to the NAS vendor settings.

Let me know if you need any more information.

cheers

Pete

Hi Pete,

Thank you for your reply.

We got it working as well. We are also using v6.4 and HTTPS.

We had a network issue in our LAB where the VLAN we were using couldn't reach the DNS (blocked by the firewall). So we tried using a different VLAN that we know would have access to the DNS and everything worked fine.

Thanks.

François

Would it be possible to share your controller config? We have been struggling with setting up the captive guest portal and Zebra support has not been able to help.

^^ did you have any luck getting this to work? I have a little success in getting this setup, however not all is working as we are expecting.

We are able to have guest users authenticate using the ClearPass portal, however the expiration time limit does not function as expected. Also, when we try to terminate a guest user, we recieve errors that the CoA is not responding or accepting the commands from the CPPM

Did you guys manage to get this working? I'm stuck with a similar issue.

I have our Motorola controller IP address in the NAS settings, the captive portal redirects to https://*motorola_Controller_IP*:444/cgi-bin/hslogin.cgi however I recieve a 404 'cannot reach this page' style error.