Wireless Access

 View Only
last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Expand all | Collapse all

ArubaOS8 - Guest Captive Portal with ClearPass - Not assigning guest role

This thread has been viewed 18 times
  • 1.  ArubaOS8 - Guest Captive Portal with ClearPass - Not assigning guest role

    Posted May 06, 2024 11:13 AM

    Hi everyone,

    I'm having a problem with a Guest SSID on Mobility Controllers 8.11.1.2, with a captive portal with sponsor and MAC caching on ClearPass 6.11.7.257550.

    SSID is on bridge mode, and as the official documentation says, I have enabled the ageout-bridge-user parameter in the aaa profile.

    Controllers are on another site different that APs, and controllers don't have an IP on guest VLAN network, so I have enabled the Allow tri-session with DNAT parameter on Firewall Controllers settings.

    I also changed default controllers captive portal certificate for a wildcard of my domain (*.mydomain.es).

    On ClearPass Policy Manager, I have two services created by default from the wizard, one of them for MAC authentication and the other one for MAC caching.

    On ClearPass Guest, I set up Self-Registration. First, with Controller-Initiated login method, but it wasn't working the redirection to captiveportal-login.mydomain.es, so now I have Server-Initiated login method. Furthermore, according to official documentation, is necessary the CoA sent to controller, and Server-Initiated is the method which supports this.

    I created a WebAuth service on ClearPass that is working, but with this service I can't to assing guest Aruba-User-Role to controller, so when a user logins correctly, captive portal redirects to Self-Registration page again (I think because the guest role is not being sent to the controller).

    So, I don't know if this is a problem with Clearpass, Controllers, certificates, networking, or something else...

    Thank you so much, 

    Regards.

     



    ------------------------------
    Pablo
    ------------------------------



  • 2.  RE: ArubaOS8 - Guest Captive Portal with ClearPass - Not assigning guest role

     
    Posted May 06, 2024 11:52 AM
    Captive Portal in bridge mode is not used often.  Please see the specific instructions on the page here, to see if you can get a clue what could be going on:  https://www.arubanetworks.com/techdocs/ArubaOS_8.11.1_Web_Help/Content/arubaos-solutions/captive-portal/enab-capt-port-enha.htm
    Provides an overview of enabling the captive portal enhancements that are introduced in ArubaOS.


    Also, you should be able to see the authentication in access tracker, to see if an attribute is being sent back to set the role.





  • 3.  RE: ArubaOS8 - Guest Captive Portal with ClearPass - Not assigning guest role

     
    Posted May 06, 2024 12:57 PM
    Hello,According to 8.7 features Captive Portal Enhancements (arubanetworks.com) an external CP should now be possible with bridged mode campus AP's. However thi
    community.arubanetworks.com