  • 1.  192.0.2.1/login.html?redirect error with Cisco WLC - CLEARPASS

    Posted Aug 06, 2019 04:08 PM

    Hello,

    Recently I tried to configure a virtual Cisco WLC with ClearPass. I created a guest SSID, and when a client connects to it, he is successfully redirected to the ClearPass self-signed portal. There the user can self-register and he receives the receipt from ClearPass. When I press the "Login" button to continue, I get the address https://192.0.2.1/login.html?redirect in the browser and I cannot continue. In addition, I cannot see any RADIUS messages arriving at ClearPass in Access Tracker.

     

    The problem is surely not in the RADIUS configuration of the Cisco WLC, because I have another WLAN, "corporate ssid", where I use 802.1X for authentication and I receive RADIUS messages.

     

    In the self-registration captive portal I have configured the following fields:

    Vendor Setting = Cisco Systems

    Login Method = Controller Initiated

    IP address = 192.0.2.1 (the virtual interface of the controller; I have also verified that the webauth certificate of the WLC has CN=192.0.2.1)

    Pre-Auth Check = None - no extra checks will be made

     

    I also tried the same configuration using an FQDN, i.e. guest.domain.gr: using the DNS host name, changing the webauth certificate to have CN=guest.domain.gr, and creating a DNS entry for guest.domain.gr -> 192.0.2.1. Again I had the same result.

     

    Has anyone run into this problem? I have spent a couple of days on it and I cannot understand why this happens.

     



  • 2.  RE: 192.0.2.1/login.html?redirect error with Cisco WLC - CLEARPASS

    Posted Aug 06, 2019 04:40 PM

    Are you running server initiated (depending on IOS version you cannot use controller initiated), and did you verify that you are using the correct port for CoA?

     




  • 3.  RE: 192.0.2.1/login.html?redirect error with Cisco WLC - CLEARPASS

    Posted Aug 06, 2019 05:25 PM
    I am running controller initiated because I do not use an IOS switch but a Cisco wireless controller. Should it be "server initiated"?

    In the RADIUS configuration of the Cisco wireless controller I have enabled CoA. It should be the default port. I can check it and get back to you.


  • 4.  RE: 192.0.2.1/login.html?redirect error with Cisco WLC - CLEARPASS

    Posted Aug 08, 2019 12:55 AM
    So, about the CoA port: the Cisco wireless controller uses UDP 1700. I tried CoA manually and I succeeded.

    Initially I wanted to create a guest portal with the ClearPass service "guest with mac caching". This requires controller initiated, and the wireless controller communicates with ClearPass over RADIUS.

    I tried your way (server initiated), which I had implemented for wired web auth, and I actually received RADIUS messages. Good news, but because ClearPass extracts the credentials and sends them to itself, I need a webauth, a CoA and later a match on a MAC authentication service. The CoA did not succeed when I tried to run it through a service. I tried Cisco Reauthenticate Session.

    Could anybody help?