It looks like the controller is redirecting the client's traffic to the ClearPass. Make sure that in the initial role (or role your guests are in when this issue happens), traffic to your ClearPass server is allowed as an exemption for the redirection. Like the following:
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Jun 11, 2021 11:44 AM
From: Christopher Jones
Subject: MM + CPPM Captive portal redirect loop issue
Thanks mkk & Craig for your replies!
- Both controllers have IPv4/IPv6 IP's on the guest VLAN IP interface
- Clients on the Guest VLAN can ping the CPPM IP's
- Controllers can also ping CPPM IP's
- SSL Certificates have been installed on MM and CPPM
- Clients can resolve DNS
When I resolve the captive portal hostname as a client on the guest VLAN, it shows up as the controller's IP address, not the CPPM address. I think this is the DNS intercept happening?
I thought it might be a routing issue as you suggested, but it seems like clients and controllers can reach the CPPM fine through the firewall. I will keep testing it though.
Any other suggestions?
Original Message:
Sent: Jun 11, 2021 05:37 AM
From: Craig Syme
Subject: MM + CPPM Captive portal redirect loop issue
As what mkk said, have you also confirmed the Guest VLAN can reach the Captive Portal (e.g all routing and ACL's in place) and have the factory shipped certificates on the MD + CPPM been replaced as well? The client will also need a working and valid DNS server as well. This will allow the controller to intercept the DNS reply and perform the HTTP 302 re-direct.
------------------------------
Craig Syme
Original Message:
Sent: Jun 11, 2021 03:43 AM
From: marcel koedijk
Subject: MM + CPPM Captive portal redirect loop issue
Hi Chris,
Did you configure an IP address on the controller for the guest vlan ip interface. When you not see the portal and it's looping this seems like the issue.
------------------------------
Marcel Koedijk | MVP Guru 2021 | ACMP | ACCP | ACDA | Ekahau ECSE | Not an HPE Employee | Opionions are my own
Original Message:
Sent: Jun 10, 2021 04:00 PM
From: Christopher Jones
Subject: MM + CPPM Captive portal redirect loop issue
Hello,
We have a Mobility Master 8.5 + 2 controllers with a guest SSID set to use Clearpass Captive Portal for self registration + MAC caching.
The problem is that the captive portal page never shows up, but we get stuck in a loop in the browser. It goes to the correct URL with a 302 temporary redirect, and then shows a blank 200 Ok page, and then redirects back to the 302 temporary redirect about every 1 second. See screenshot.
I know it's gotta be something simple, but haven't figured it out. Anyone seen this before, or have suggestions on what to check in the MM/CPPM?
Thanks,
Chris