Security

Reply
Occasional Contributor I

Replacing Cisco ISE with Clearpass

Hi, I am pretty new to Clearpass but i have a question which i hope someone can point me in the right direction. We are in the process of deploying CPPM and Aruba controllers. We also have a large Cisco Wifi and ISE deployment. I want to get rid of ISE and use CPPM instead.

I have manged to get 802.1X working on the CIsco WLC by using CPPM. However we also have a guest portal in the Cisco environment that uses ISE for authentication. In the guest environment we are using Anchor controllers. Can anyone advice or point me in the right direction of a document showing how best to get CPPM doing providing the Guest portal rather than ISE. I havent managed to get this going yet.

Aruba Employee

Re: Replacing Cisco ISE with Clearpass

If the anchor controller is located in a DMZ network, does the user VLAN for guest users have network connectivity to the ClearPass appliance that's hosting the captive portal?

 

If you test with an SSID that isn't using an anchor, does captive portal work? Lastely, what code version are you runnig on the WLC?


Charlie Clemmer
Aruba Customer Engineering
Occasional Contributor I

Re: Replacing Cisco ISE with Clearpass

Hi

 

Yes the Anchor is in the DMZ, also CPPM has a leg in the DMZ so connectivity wise a Cisco user could reach the CPPM guest portal. 

The Cisco WLC is running y 7.5.102.0 on the anchors and a much later version on the non anchors.

I have not tried setting this up without the Anchor but i can try and test today.

If there are any design guides around that would be great.

Aruba Employee

Re: Replacing Cisco ISE with Clearpass

In my testing, the anchor and inside WLCs were using the same code, so would need to confirm with Cisco that the mixed code versions between anchor and inside controllers are compatible.

 

What is the client experience when they try to connect to the guest network? Do they attempt to redirect to the portal but get an error instead? Can the guest device manually browse to the captive portal or is it blocked?  Has a valid SSL cert been installed on the anchor WLC? It may be the pre-auth ACL that's preventing the redirect, or may be another part of the integration.


Charlie Clemmer
Aruba Customer Engineering
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: