Controllerless Networks


Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget

How to create a role to redirect user to a CPPM page

  • 1.  How to create a role to redirect user to a CPPM page

    Posted Nov 04, 2020 07:52 AM
    Hi,

    I have an MM with two MCs and with ClearPass.
    We are installing OnGuard to use posture in wifi.

    I'm using server derived roles from clearpass to send the correct role for the wifi user.
    But I have one role that should redirect to a page in clearpass for unhealthy users.

    I created one like the guest-logon, but my users with this role are not being redirected.

    Is there a document showing how to create a role to redirect to a page in clearpass?

    ------------------------------
    Bruno Andrade
    ------------------------------


  • 2.  RE: How to create a role to redirect user to a CPPM page

    EMPLOYEE
    Posted Nov 04, 2020 08:43 AM
    Hi,

    Can you share the role configuration?
    Besides the policy you shared there are others that you have to include in the role configuration. For example you also have to make sure that DNS is allowed in your role configuration.




    ------------------------------
    Luciano Carvalho
    ------------------------------



  • 3.  RE: How to create a role to redirect user to a CPPM page

    Posted Nov 04, 2020 08:55 AM
    Sure! I attached the image with all rules for this role.
    The line VIP is the IPs of my cppm (I have two)



    ------------------------------
    Bruno Andrade
    ------------------------------



  • 4.  RE: How to create a role to redirect user to a CPPM page

    MVP EXPERT
    Posted Nov 04, 2020 10:59 AM
    Have you defined the Captive Portal within the User Role?

    (Aruba7030) [mynode] (config) #user-role test
    (Aruba7030) ^[mynode] (config-submode)#captive-portal test

    If you haven't created the AAA Authentication Captive Portal Profile, you will need to do this first.

    Configuring Captive Portal Authentication Profiles

    The 'Login Page' within the Captive Portal Profile would be the URL of the page hosted by CPPM.

    ------------------------------
    Craig Syme
    ------------------------------



  • 5.  RE: How to create a role to redirect user to a CPPM page

    Posted Nov 04, 2020 01:18 PM
    Can you please tell me where I can do "defined the Captive Portal within the User Role" through the GUI?
    I'm using Mobility Master.

    The AAA authentication captive portal profile is already created and configured.
    I just don't know if it makes a difference to change the role in this part to the role that redirects to the page.

    OBS: The page in clearpass is just an information page, there is no login button.





    ------------------------------
    Bruno Andrade
    ------------------------------



  • 6.  RE: How to create a role to redirect user to a CPPM page

    EMPLOYEE
    Posted Nov 04, 2020 03:39 PM
    Hi.

    The captive portal configuration can be added on the role advanced view window.
    The screens below show an example of a role with captive portal enabled, and redirection is working with this configuration.




    Now some of the policies added to the role. The CPPM address is 192.168.100.11.





    ------------------------------
    Luciano Carvalho
    ------------------------------



  • 7.  RE: How to create a role to redirect user to a CPPM page

    Posted Nov 04, 2020 03:49 PM
    Oh.. yes I did it.
    The only difference is that I used the name instead of the IP in the host part in captive portal tab.
    I will try to change to the IP and I will let you know.

    Thanks in advance!

    ------------------------------
    Bruno Andrade
    ------------------------------



  • 8.  RE: How to create a role to redirect user to a CPPM page

    EMPLOYEE
    Posted Nov 05, 2020 04:18 AM
    Changing to the IP should not be needed if DNS is working. Hostname is preferred to avoid certificate warnings.

    Can you verify that if the client is connected, that the correct role (quarentena) is applied to that user? On the controller CLI you can run the 'show user' command to see all clients and active roles.
    Can you on the controller use the 'show rights quarentena' on the CLI, if quarentena is indeed the applied role to see all information about that role?
    Can you verify/confirm that you have an IP address assigned to the VLAN that your wireless client is in? That is the VLAN in which the client has received its IP address. The controller should also have an IP address in that VLAN in order to reach back to the client.

    ------------------------------
    Herman Robers
    ------------------------------
    If you have urgent issues, always contact your Aruba partner, distributor or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC.
    ------------------------------
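
The pieces named in the replies above (captive portal profile attached to the role, DNS allowed, CPPM reachable before the redirect, controller IP in the client VLAN), written out as one CLI configuration sketch. This is an added example, not part of the original posts or their screenshots: the profile, alias and ACL names, the login-page URL and the VLAN values are placeholders, and lines starting with ! are annotations. logon-control and captiveportal are the predefined ACLs that the default guest-logon role also uses.

```text
! Constructed example. 192.168.100.11 is the CPPM address quoted in the thread;
! every name in angle brackets or ending in -example is a placeholder.
netdestination cppm-example
    host 192.168.100.11
!
! Let quarantined clients reach only the CPPM page over HTTP/HTTPS.
ip access-list session allow-cppm-example
    user alias cppm-example svc-http permit
    user alias cppm-example svc-https permit
!
! Captive portal profile whose login page is the page hosted by CPPM.
! A hostname that matches the CPPM certificate avoids browser warnings.
aaa authentication captive-portal "quarentena-cp-example"
    login-page "https://<cppm-hostname>/<page-path>"
!
! Order matters: DHCP/DNS first, then the CPPM exception, then the
! redirect ACL. Nothing else is permitted for an unhealthy client.
user-role quarentena
    captive-portal "quarentena-cp-example"
    access-list session logon-control
    access-list session allow-cppm-example
    access-list session captiveportal
!
! The controller needs an address in the VLAN where the client gets its IP.
interface vlan <client-vlan-id>
    ip address <controller-ip-in-client-vlan> <netmask>
!
! Checks suggested in the reply above (run from the CLI, not config mode):
!   show user
!   show rights quarentena
```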



  • 9.  RE: How to create a role to redirect user to a CPPM page

    Posted Nov 05, 2020 08:51 AM
    Hello Herman!
    I don't have an IP address configured in the VLAN of the clients.
    So probably this is the issue.

    I will get some time to insert an IP address in this VLAN in the controller and I will let you know the result.

    ------------------------------
    Bruno Andrade
    ------------------------------