I am trying to get users redirected to my new ClearPass guest server. The role the user receives contains:
1. Allow user 80 and 443 to CP server
2. Logon Control
3. Captive Portal
ip access-list session captiveportal
user alias controller svc-https dst-nat 8081
user any svc-http dst-nat 8080
user any svc-https dst-nat 8081
user any svc-http-proxy1 dst-nat 8088
user any svc-http-proxy2 dst-nat 8088
user any svc-http-proxy3 dst-nat 8088
and the proper captive portal profile is selected.
I have Policy enforcement firewall if that is a concern.
I am a little fuzzy on how the captive portal policy is supposed to redirect. Should I have an additional line in there that says something like:
user any service http https send to captive portal ?
Currently the user gets DHCP and can access nothing else except to browse to the CP server, but is not forced there.
Couple of things to check:
- Is DNS working properly? Can the client do an nslookup? Try connecting to an IP (any IP; 188.8.131.52) to force a redirect.
- Does your controller have an IP on the guest network (required for captive portal)?
- What URL do you have defined in the CP profile; does it look like the client is even attempting to access it at all?
When you look at the datapath sessions of that user, does it show any redirects?
show user ip x.x.x.x (look at the firewall sessions at the top of the output). You'll need to run this right when the client is attempting to access.
The captive portal profile is fine as is; the dst-nat entries handle the redirect, but the controller requires an IP on that VLAN.
No, the controller does not have an IP address on this VLAN. That is different than my other captive portal config, and probably is the culprit. Thanks so much.
Thanks, Clembo.
This helps me with my configuration too! You made my day.