Occasional Contributor II

Re: Clearpass Captive Portal Loop

This is what I see for certificates on my IAP here. Just the default Aruba certificate for the captive portal. Redirection when it is like this will only work to securelogin.arubanetworks.com.

In Clearpass also verify that the NAS login settings show controller-initiated not server-initiated.

Occasional Contributor II

Re: Clearpass Captive Portal Loop

Yeah it is definitely on controller-initiated, the NAS address disappears if you switch off that. Sounds like you have a similar setup with the certificates then. We do have a portion of the network using AP-105s which is still working. They just have a standard password instead of a sponsor. The only main difference I can see is the role_id but changing that doesn't do much.

Occasional Contributor II

Re: Clearpass Captive Portal Loop

Just wanted to add some more info today in case anyone else took a look. I checked the firewall and don't see any traffic being blocked. I am able to get the IP from DHCP, DNS works and my IP is in the correct subnet. Also, I can use nslookup to find IP addresses for common sites while connected to Guest like yahoo and cnn but can't actually connect to anything.

Re: Clearpass Captive Portal Loop

Do you see anything in event viewer in Clearpass?

Try to do an auth test from the cli of the IAP and see if that shows up in access tracker.

aaa test-server <servername> username <username> password <passwd> auth-type pap

If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294
Occasional Contributor II

Re: Clearpass Captive Portal Loop

The event view is mostly just Admin UI logging in and Auto Cleanup. There are 3 instances of RADIUS Authentication errors from 2 days ago all within a couple minutes of each other, but considering I have been working on this for a few days and that's the first time I've seen that error I think it may just be coincidence or related to something else.

I ran the command:

aaa test-server clearpass username username password password auth-type pap

The username and password were the temporary Guest credentials I got after being accepted by a sponsor. Which came up as "The RADIUS server clearpass not existing".

I tried "nslookup clearpass" on my computer and on the router and both were able to resolve it so I am not sure why it is saying it doesn't exist.

Occasional Contributor II

Re: Clearpass Captive Portal Loop

Update to the RADIUS server. My issue was I didn't capitalize. Using a show radius-servers command I see the ClearPass server, with 2 IAPs connected. The aaa test-server command times out though.

Re: Clearpass Captive Portal Loop

If that command times out it is usually one of two things. Either the shared secret is wrong or there is no route to CPPM.

An incorrect shared secret will show in the event viewer.

You could also try a capture on the cppm end just to make sure the packets are actually getting there. Go to Administration --> Server Manager --> Server Configuration. Click on your cppm and then collect logs.

If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294
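
Why a shared-secret mismatch can look like a timeout rather than a reject, as an added example (not code from any poster in this thread, and not Aruba or ClearPass code): a minimal RFC 2865 PAP exchange in Python, where the client discards any reply whose Response Authenticator does not verify under its own secret. The secrets, password and function names are constructed for illustration.

```python
import hashlib, hmac, os, struct

def hide_pap_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out += prev
    return out

def unhide_pap_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server side: reverse the hiding with the server's copy of the secret."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_reply(code: int, ident: int, req_auth: bytes, secret: bytes) -> bytes:
    """Reply with no attributes; Response Authenticator per RFC 2865 section 3."""
    header = struct.pack("!BBH", code, ident, 20)
    return header + hashlib.md5(header + req_auth + secret).digest()

def client_accepts(reply: bytes, req_auth: bytes, secret: bytes) -> bool:
    """Client recomputes the Response Authenticator; a mismatch means drop the reply."""
    header, auth, attrs = reply[:4], reply[4:20], reply[20:]
    expected = hashlib.md5(header + req_auth + attrs + secret).digest()
    return hmac.compare_digest(auth, expected)

def simulate(client_secret: bytes, server_secret: bytes, password: bytes = b"guest-pass"):
    """Return (reply code the server sent, whether the client keeps the reply)."""
    req_auth = os.urandom(16)                       # Request Authenticator
    hidden = hide_pap_password(password, client_secret, req_auth)
    recovered = unhide_pap_password(hidden, server_secret, req_auth)
    code = 2 if recovered == password else 3        # 2 Access-Accept, 3 Access-Reject
    reply = build_reply(code, 1, req_auth, server_secret)
    return code, client_accepts(reply, req_auth, client_secret)

if __name__ == "__main__":
    print("matching secrets:  ", simulate(b"s3cret", b"s3cret"))
    print("case differs in secret:", simulate(b"s3cret", b"S3cret"))
```

With mismatched secrets the server sees a garbled password and the client cannot validate the reply, so the test looks unanswered from the client side while the server side still has something to log.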