aaa new-model
aaa session-id common
!
aaa authentication login default group tacacs+ local
!
aaa authentication login LOG-AUTH group ClearPass-RADIUS
aaa authorization network NET-AUTH group ClearPass-RADIUS
aaa authorization network LOG-AUTH group ClearPass-RADIUS
!
!
!
!
!
!
!
radius server Clearpass1
 address ipv4 x.x.x.x auth-port 1812 acct-port 1813
 key 7 passwd
!
radius server Clearpass2
 address ipv4 x.x.x.x auth-port 1812 acct-port 1813
 key 7 passwd
!
!
!
aaa group server radius ClearPass-RADIUS
 server name Clearpass1
 server name Clearpass2
 subscriber mac-filtering security-mode mac
!
!
!
!
!
!
!
wlan SSID-LAB 23 SSID-LAB
 band-select
 client vlan default-non-usable
 no exclusionlist
 ip access-group web ACL-REDIRECT
 mac-filtering NET-AUTH
 peer-blocking drop
 no security wpa
 no security wpa akm dot1x
 no security wpa wpa2
 no security wpa wpa2 ciphers aes
 no security ft over-the-ds
 security web-auth
 security web-auth authentication-list LOG-AUTH
 security web-auth on-macfilter-failure
 security web-auth parameter-map LOG-Redirect
 session-timeout 1800
 no shutdown
parameter-map type webauth global
 virtual-ip ipv4 172.16.253.253
 max-http-conns 200
parameter-map type webauth LOG-Redirect
 type webauth
 redirect for-login https://<Clear pass IP>/guest/cisco.php
 redirect portal ipv4 <Clear pass IP>
ip access-list extended ACL-REDIRECT
 permit udp any eq bootps any
 permit udp any any eq bootpc
 permit udp any eq bootpc any
 permit udp any any eq domain
 permit udp any eq domain any
 permit ip any host <Clear pass IP>
 permit ip host <Clear pass IP> any

This is the config I am using. Unfortunately, I get the web page from ClearPass, and the pre-auth works from ClearPass, but the web-auth is not going to ClearPass and is looping back and forth on the virtual IP in the 5760. Since the web-auth is timing out from ClearPass, it is not getting successful and is looping back to authentication.