07-26-2016 07:22 AM
Can someone please try to help me out here, When I connect to my guest network my controller points me to the webauth page clearpass is hosting for me.
but, it fails to load the page because "TOO_MANY_REDIRECTS"
it looks like it apphends the switch and ap information to the end of the login page address. like this:
https://myloginpage.xxxxx.xxx/?cmd=login&switchip=xx.xx.xx.xxx&mac=00:00:00:00:00:00&ip=xx.xx.xx.xxx&essid=XXXXX%2Dtest@apname=myapname&url=https%XX%XX%XX.... so on and so on for another 100+ chars....
anyone see this before? or know how to stop it?
07-26-2016 07:40 AM
it will append that information as part of the redirect, but in either the RADIUS server settings or captive portal profile settings you can opt to have some of that information included in the redirect or not.
The user connects to guest, tries to browse to a page and gets redirected, but the page displays "too many redirects". What path is the guest traffic taking, is it going outside the network, then back in through a NAT on a firewall or is it staying internal the whole time?
Are you using any kind of landing pages for time-based or device-based redirection besides the normal registration / login page?
Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
07-26-2016 07:45 AM - edited 07-26-2016 07:47 AM
you will need to whitelist your captive portal page before your natting to the controller (which throws in the redirect to the clearpass) is done; otherwise he will go into a redirect loop (you need to allow http and https to your captive portal)
Are you working with Aruba controllers ? On the L3 profile you can whitelist pages; make sure you whitlist your captive portal
-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
07-26-2016 07:54 AM
The Guest traffic stays internal. I have all of the additional options to include things in the redirect uncheck on the captive portal settings.
Im not using anything but a standard login page on clearpass. Very basic for now.
I am only using clearpass for the webpage. RADIUS happens on my ISE server right now.