Security

Reply
Super Contributor II
Posts: 429
Registered: ‎01-19-2011

clearpass guest login

I am having an issue with the authentication of clients connecting to a guest network on a local controller. The accounts are created successfully on Clearpass but when the user clicks the login button no RADIUS request is generated by the controller - when I do a controlpath capture nothing is seen. The same setup is working on the master contoller but I cant understand why its not working on the local - same roles, server, server group, CP profile, default certificate etc.

Any ideas - unfortunately the site is remote and theres nobody to test with.

Guru Elite
Posts: 19,949
Registered: ‎03-29-2007

Re: clearpass guest login

[ Edited ]

check the setting in the picture below:

 

If you have changed the default certificate for the controller, the controller will not respond to securelogin.arubanetworks.com and the "submit" will not happen.  If you also changed this ip address to a specific one, outside of the controller that the user is on, it also will not work....  

 

login.png

 

Did you change the ip cp-redirect-address on that local controller to ip address on the guest VLAN of that local controller?

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Super Contributor II
Posts: 429
Registered: ‎01-19-2011

Re: clearpass guest login

The default certificate has not been changed and the NAS login page still shows securelogin.arubanetworks.com - this is working on the master controller but not on the local - this is the key issue.

MVP
Posts: 4,006
Registered: ‎07-20-2011

Re: clearpass guest login

What do you have define as your source radius IP on the local controller ?
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Super Contributor II
Posts: 429
Registered: ‎01-19-2011

Re: clearpass guest login

Under the server configuration I have the VLAN that the client has an IP address in - so the controllers IP address in that VLAN. We can run a successful aaa test-server test from the controller.

Super Contributor II
Posts: 429
Registered: ‎01-19-2011

Re: clearpass guest login

I didnt have the ip cp-redirect command as part of the config - would this be an issue at this point. I wouldnt think so as the client has already been redirected to the CP.

Guru Elite
Posts: 19,949
Registered: ‎03-29-2007

Re: clearpass guest login

You do have the local controller in ClearPass, right?

 

like Vfabien says, under the Event Viewer in ClearPass, look and see if it is getting traffic from an Unexpected NAS device.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Super Contributor II
Posts: 429
Registered: ‎01-19-2011

Re: clearpass guest login

Managed to get hold of someone to test - It seems that putting in the ip cp-redirect command has sorted it out. Not sure why though??!!

Search Airheads
Showing results for 
Search instead for 
Did you mean: