Security

Reply
Occasional Contributor II

Unable to redirect users to ClearPass Captive Portal when using 4G Dongle as Uplink

I am working on a POC of a solution that will be provide WiFi coverage by deploying Aruba instant access points (IAP) in 100 plus sites.On each site Internet will be provided by 4G Modem Dongles connected to USB port of an Access Point. All IAPs will be managed by Aruba Central and Guest Wi-Fi services will be provided by ClearPass Guest.

 

Network Diagram

 

Figure-1.png

User Connectivity Flow

 

  1. User connects to Visitor SSID.
  2. SSID will automatically redirect to ClearPass Captive Portal Page.
  3. User have to click on “Please click here to Register yourself” to submit user information.
  4. User will then submit a form.
  5. User will then be redirected to demo.feag-games.com.

For POC demonstration we don’t have public IP addresses so we are working on the following way around.

 

Figure-2.png

 

But in this scenario we are facing issues as when a user connects to the SSID it only assigns user IP address and did not redirect user to the ClearPass captive portal for authentication as a result user remains in Pre authentication role.

 

If we remove 4G Dongle then everything works fine.

 

Figure-3.png

I have also attached user connectivety flow document.

Re: Unable to redirect users to ClearPass Captive Portal when using 4G Dongle as Uplink

When the client is facing the issue, are they able to perform a nslookup and receive a response from a working DNS server? The Captive Portal re-direct will not work if there is no valid DNS server.

ACMA, ACMP, ACSA
If my post addresses your query, give kudos:)
Occasional Contributor II

Re: Unable to redirect users to ClearPass Captive Portal when using 4G Dongle as Uplink

Hi 

 

Yes user is geting  response from 4G Modem DNS server.

nslookup.png

Re: Unable to redirect users to ClearPass Captive Portal when using 4G Dongle as Uplink

Do you see this in the datapath? What do you have configured in your
initial role?

ACMA, ACMP, ACSA
If my post addresses your query, give kudos:)
Occasional Contributor II

Re: Unable to redirect users to ClearPass Captive Portal when using 4G Dongle as Uplink

Below is the configuration of Preauthentication role.

192.168.1.251 is CPPM IP address on LAN.

pre-auth.png

Occasional Contributor II

Re: Unable to redirect users to ClearPass Captive Portal when using 4G Dongle as Uplink

Below is the configuration of Preauthentication role.

192.168.1.251 is CPPM IP address on LAN.

pre-auth.png

Re: Unable to redirect users to ClearPass Captive Portal when using 4G Dongle as Uplink

Hi, in your nslookup screenshot it does not show if the client is able to successfully perform a nslookup whilst in your initial role.


Do you see the User Traffic arriving at the CPPM when the issue occurring? You can run a packet capture under Server Configuration to confirm this.


ACMA, ACMP, ACSA
If my post addresses your query, give kudos:)
Occasional Contributor II

Re: Unable to redirect users to ClearPass Captive Portal when using 4G Dongle as Uplink

This is the detail answer to your question regarding DNS.

nslookup2.pngnslookup3.png

Re: Unable to redirect users to ClearPass Captive Portal when using 4G Dongle as Uplink

Hi, in the latest screenshots DNS does not appear to be working. Can you set the client to use a public DNS such as 8.8.8.8 and test again? 


ACMA, ACMP, ACSA
If my post addresses your query, give kudos:)
Occasional Contributor II

Re: Unable to redirect users to ClearPass Captive Portal when using 4G Dongle as Uplink

To be on the same page below is network diagram of the setup.

 

Figure-2.png

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: