Cloud Managed Networks

last person joined: 4 days ago 

Forum to discuss all things Aruba Central and UXI Network Management, this includes Aruba Central managed networks, Central configuration, best practices, Central APIs, Cloud Guest, AIOps, Presence Analytics and Other Central Applications
Expand all | Collapse all

Central managed IAP guest captive portal clearpass redirect problem

Jump to Best Answer
This thread has been viewed 33 times
  • 1.  Central managed IAP guest captive portal clearpass redirect problem

    Posted 4 days ago
    Hello Community,

    I have built a Lab as follows.
    An Aruba IAP315 is attached to an Aruba CX6200F switch, the switch is connected to a 4G router. The IAP and the switch are managed by Aruba Central, which works great.
    We have a Clearpass server in one of our data centers, there is a router there, it has a VPN connection to the 4G router. The VPN connection also works without problems.
    More details on the picture in the attachment.
    LAB

    I have configured a guest ssid via Central on the iap. When you login to the ssid, you are redirected to the Clearpass login page.
    But when you log in, you don't get any further, after logging in via the Catpive portal the redirect doesn't work anymore.
    The Clearpass still contains securelogin.arubanetworks.com.
    I can't see anything in the Clearpass access tracker.

    Maybe someone has an idea what I am doing wrong.

    Thanks a lot


    ------------------------------
    Tobias
    ------------------------------


  • 2.  RE: Central managed IAP guest captive portal clearpass redirect problem

    Posted 4 days ago
    The factory shipped certificate is self signed and will cause issues. Ideally you need to replace this with a publicly signed certificate on both the CPPM + IAP. You'll also need to ensure that the NAS Login Settings also match the CN of the Certificate installed on the IAP.

    https://www.arubanetworks.com/techdocs/ClearPass/6.9/Guest/Content/Configuration/EnablingAndEditingNASLoginProperties.htm

    ------------------------------
    Craig Syme
    ------------------------------



  • 3.  RE: Central managed IAP guest captive portal clearpass redirect problem

    Posted 4 days ago
    Hi,

    ok i thought that might be the problem....
    I have the same certificate from clearpass portal.xy.de also uploaded in Central via Global, Organizations, Certificates, how can I assign the certificate in Central to a group or an IAP, or is that automatic?

    So in clearpass I have to replace securlogin.arubanetworks.com with portal.xy.de, right?

    Thanks a lot

    ------------------------------
    Tobias
    ------------------------------



  • 4.  RE: Central managed IAP guest captive portal clearpass redirect problem
    Best Answer

    Posted 4 days ago
    Once you've uploaded the IAP Cert to Central (which you have already) go to Security -> Certificate usage where you assign the certificate to the Captive Portal. That is correct, under your Vendor Settings on the CPPM Guest page, where it says IP Address you'd add the CN of the Certificate you uploaded to the IAP.



    ------------------------------
    Craig Syme
    ------------------------------



  • 5.  RE: Central managed IAP guest captive portal clearpass redirect problem

    Posted yesterday
    Hi,

    ok, I tested it with the cppm certificate witch is: portal.xy.de so I were redirect to clearpass login.
    I have uploaded our *.xy.de certificate for the instant but this dont work.

    So I need a valid certificate for the IAP for example: vc.xy.de right?
    than change the name in the ip address field in cppm to vc.xy.de...

    with securelogin.arubanetworks.com and the send cleartext option, it works but, the browser shows unsecured conntection...

    Thanks

    ------------------------------
    Tobias
    ------------------------------



  • 6.  RE: Central managed IAP guest captive portal clearpass redirect problem

    Posted yesterday
    Hi Craig,

    Once you've uploaded the IAP Cert to Central (which you have already) go to Security -> Certificate usage where you assign the certificate to the Captive Portal.

    Under Security I cannot find anything to assign the certificate to a captive portal... (the captive portal is on clearpass)

    thanks

    ------------------------------
    Tobias
    ------------------------------