Security

Reply
Super Contributor II
Posts: 397
Registered: ‎09-05-2012

New Captive Portal page generating multiple log in requests per client

Hi,

 

I recently implemented a new captive portal page for our guest network.

 

The captive portal page is built out of a "Web Logins" page and contains a bit of custom code to make the username and password be the same value.

The user only needs to put in their "user name".

The user name or ID comes from our Visitor management software used by our receptionist. It is printed on every visitor badge.

 

During my testing everything was working well. Since putting it into production I am having issues where some clients generate more then one request during the authentication process.

Request 1:

2016-12-01_08h44_09.png

Request 2:

2016-12-01_08h44_28.png

As you can see the requests differ quite a bit.

 

I have not been able to reproduce this behavior myself. What would cause this? Is it an issue with the portal page itself? Is it the client causing this? A configuration on the controller?

 

What disctates the "NAS-Port-Type" and "Service-Type" and whether or not things like the "Aruba-Port-Id" are included in the radius request?

 

Sorry, for all the questions. Seems everytime I work with the CPPM and controller it get a big reality check slap in the face that reminds me how little I acually know about both.

 

Cheers

Community Administrator
Posts: 34
Registered: ‎11-01-2012

Re: New Captive Portal page generating multiple log in requests per client

NAS-Port-Type 15 is Ethernet (wired), Service-Type 17 is Authorize Only

NAS-Port-Type 19 is Wireless, Service-Type 1 is Login

 

Do you have a wired switch in the path that is performing some type of authentication?

 

 

Super Contributor II
Posts: 397
Registered: ‎09-05-2012

Re: New Captive Portal page generating multiple log in requests per client

Hi rfiler,

 

I apologize for never replying to this post. I got side tracked onto something else and was never able to get back to looking into this issue. As a quick solution I modifed my service to catch all of the different requests that the ClearPass was seeing.

 

We currently have all our of Cisco switches configured for 802.1x. The AP's themselves are doing MAC auth (at the moment). All information is sent back to the controller, nothing is terminated on the switches.

 

The guest request shouldn't be seen by the switch at all (at least this is what I am assuming). Could it be that somehow the AP doing MAC auth is some how interferring with the Guest authentication process?

Search Airheads
Showing results for 
Search instead for 
Did you mean: