Wireless Access

Reply
Frequent Contributor I
Posts: 64
Registered: ‎01-27-2014

captive portal with ClearPass and Cisco WLC

Hi.

I'm trying to setup wireless network for guests on Cisco 2504 WLC and I want to use captive portal on ClearPass (trial version) with self-registration. Because there so many options on ClearPass, I'm confused of how to configure controller and ClearPass and if it's necessary to use RADIUS. Right now I'm able to connect to guest network, request is redirected to captive portal where I can register. After registration, I can sign in successfully but then I'm redirected to 1.1.1.1 and I have no Internet access.

Can someone give me instructions/guides how to set it up or where to look to find out why it's not working?

 

Community Administrator
Posts: 2,254
Registered: ‎12-03-2013

Re: captive portal with ClearPass and Cisco WLC

You may have already looked but the user guide is here.

CWNA, ACMP, Security +
Frequent Contributor I
Posts: 64
Registered: ‎01-27-2014

Re: captive portal with ClearPass and Cisco WLC

Yes, I've already looked at user guide 6.5 (because this is the version I'm using) but it seems there are only general information. There are no details regarding my setup.

MVP
Posts: 4,228
Registered: ‎07-20-2011

Re: captive portal with ClearPass and Cisco WLC

[ Edited ]

You will need to add ClearPass for Radius Authentication and Accounting.

 

Are you using Mac Caching ?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Frequent Contributor I
Posts: 64
Registered: ‎01-27-2014

Re: captive portal with ClearPass and Cisco WLC

I've already got RADIUS configured but I don't know if I have to associate it with Captive Portal.

 

I didn't configure MAC Caching so it depends if it's enabled by default.

Aruba Employee
Posts: 571
Registered: ‎04-17-2009

Re: captive portal with ClearPass and Cisco WLC

Over in ClearPass Guest, you need to make sure that you changed the NAS Login to Cisco for the Guest Self-Registration page.

 

Some info about the Guest Login process:

 

When you login, there are two things happening:

  1. Pre-auth check (we check to make sure the account is valid and not disabled)
  2. NAS Login (your browser does a POST to the Login Form on the controller at 1.1.1.1)

When number 2 occurs, the controller should generate a RADIUS request to ClearPass.

 

Other than that, you should be all set, as long as the request from the WLC hits the appropriate service in CPPM based on the service rules.

 

Thanks,

 

Zach

Thanks,

Zach Jennings
Frequent Contributor II
Posts: 478
Registered: ‎03-15-2014

Re: captive portal with ClearPass and Cisco WLC

I had the same problem hereit stucked in login please wait and it shows in access tracker as acceppted but no thing happen.

MVP
Posts: 4,228
Registered: ‎07-20-2011

Re: captive portal with ClearPass and Cisco WLC

You need to add the MAC address to the URL :
<URL>.php?mac=%{Connection: Client-Mac-Address}
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Frequent Contributor II
Posts: 478
Registered: ‎03-15-2014

Re: captive portal with ClearPass and Cisco WLC

Hello Victor I added it on the redirection URL in Layer3 in WLAN and in web auth under security in controller and still the same I see in request it Identify the NAS as this

 

Radius:Aruba:Aruba-Essid-NameGUEST
Radius:Aruba:Aruba-Port-IdAloya
Radius:IETF:Calling-Station-Id%{Connection: Client-Mac-Address} ?switch_url=https://1.1.1.1/login.html
Radius:IETF:Event-Timestamp 
Radius:IETF:Framed-IP-Address172.16.12.24
Radius:IETF:NAS-IdentifierARUBA-CP
Radius:IETF:NAS-IP-Address127.0.0.1
Radius:IETF:NAS-Port0
Radius:IETF:NAS-Port-Type15
Radius:IETF:Service-Type17
Radius:IETF:User-Nameadam@aloya.com
Frequent Contributor II
Posts: 478
Registered: ‎03-15-2014

Re: captive portal with ClearPass and Cisco WLC

It Shows on clearpass accept request but after post authentication it redirect to this URL:

 

 

http://1.1.1.1/login.html?redirect=redirect

Search Airheads
Showing results for 
Search instead for 
Did you mean: