12-01-2016 05:57 AM
I recently implemented a new captive portal page for our guest network.
The captive portal page is built out of a "Web Logins" page and contains a bit of custom code to make the username and password be the same value.
The user only needs to put in their "user name".
The user name or ID comes from our Visitor management software used by our receptionist. It is printed on every visitor badge.
During my testing everything was working well. Since putting it into production I am having issues where some clients generate more then one request during the authentication process.
As you can see the requests differ quite a bit.
I have not been able to reproduce this behavior myself. What would cause this? Is it an issue with the portal page itself? Is it the client causing this? A configuration on the controller?
What disctates the "NAS-Port-Type" and "Service-Type" and whether or not things like the "Aruba-Port-Id" are included in the radius request?
Sorry, for all the questions. Seems everytime I work with the CPPM and controller it get a big reality check slap in the face that reminds me how little I acually know about both.
12-01-2016 09:38 PM
NAS-Port-Type 15 is Ethernet (wired), Service-Type 17 is Authorize Only
NAS-Port-Type 19 is Wireless, Service-Type 1 is Login
Do you have a wired switch in the path that is performing some type of authentication?
02-18-2017 08:03 AM
I apologize for never replying to this post. I got side tracked onto something else and was never able to get back to looking into this issue. As a quick solution I modifed my service to catch all of the different requests that the ClearPass was seeing.
We currently have all our of Cisco switches configured for 802.1x. The AP's themselves are doing MAC auth (at the moment). All information is sent back to the controller, nothing is terminated on the switches.
The guest request shouldn't be seen by the switch at all (at least this is what I am assuming). Could it be that somehow the AP doing MAC auth is some how interferring with the Guest authentication process?