Security

I am having an issue with the authentication of clients connecting to a guest network on a local controller. The accounts are created successfully on Clearpass but when the user clicks the login button no RADIUS request is generated by the controller - when I do a controlpath capture nothing is seen. The same setup is working on the master contoller but I cant understand why its not working on the local - same roles, server, server group, CP profile, default certificate etc.

Any ideas - unfortunately the site is remote and theres nobody to test with.

check the setting in the picture below:

If you have changed the default certificate for the controller, the controller will not respond to securelogin.arubanetworks.com and the "submit" will not happen.  If you also changed this ip address to a specific one, outside of the controller that the user is on, it also will not work....  

Did you change the ip cp-redirect-address on that local controller to ip address on the guest VLAN of that local controller?

The default certificate has not been changed and the NAS login page still shows securelogin.arubanetworks.com - this is working on the master controller but not on the local - this is the key issue.

Under the server configuration I have the VLAN that the client has an IP address in - so the controllers IP address in that VLAN. We can run a successful aaa test-server test from the controller.

I didnt have the ip cp-redirect command as part of the config - would this be an issue at this point. I wouldnt think so as the client has already been redirected to the CP.

You do have the local controller in ClearPass, right?

like Vfabien says, under the Event Viewer in ClearPass, look and see if it is getting traffic from an Unexpected NAS device.

Managed to get hold of someone to test - It seems that putting in the ip cp-redirect command has sorted it out. Not sure why though??!!