Hello,Question for Herman Robers I think Have you already created a tech document about the CAPPORT implementation on Clearpass 6.11 & AOS Controllers ?Apart from some slides on the ATM22 NL CPPM 6.11 presentation I haven't found any documentation about this topic.As I am fighting more and more those days with iPhone Captive Portal detection (with or without CNA) I would like to start evaluation
of the CAPPORT option.Thanks and kind regardsChristian Chautems
If you have access to Arubapedia (for Partners), you can search there for CAPPORT with ClearPass. That page has more info and some videos as well.Note that at the moment many devices behave different with CAPPORT, and many devices don't even support it. Especially combined with MAC Caching there are some strange behaviors with current versions. That may be one of the reasons that there is not a lot of public facing documentation. For testing that won't be a problem of course. If you don't have access to Arubapedia for Partners, your Aruba Partner can probably get that information on your behalf.
Hello,Question for Herman Robers I thinkHave you already created a tech document about the CAPPORT implementation on Clearpass 6.11 & AOS Controllers ?Apart from some slides on the ATM22 NL CPPM 6.11 presentation I haven't found any documentation about this topic.As I am fighting more and more those days with iPhone Captive Portal detection (with or without CNA) I would like to start evaluation
Hello Herman,Thank you for the info, I will look into Arubapedia (I am a Partner) but it seems that the Partner Ready Portal has some issues as I cannot access any Aruba Tools today.Will try tomorrow if working.Kind regardsChristian Chautems
Hello Herman,It was my Partner account that had a problem but it is now corrected and I have again access to Arubapedia.I had a look on the CAPPORT documentation and it looks quiet complete :-)I will now start my configuration and testing, I have also seen the list of Caveats and will take them in account.Thanks and kind regardsChristian
There are an unfortunate number of caveats for CAPPORT though that document by Matthew is quite good. I'm curious to understand why a MAC caching workflow is not supported.
In short that is because the CAPPORT API in ClearPass queries the Insight database which is based on accounting data. If a client disconnects, the accounting is stopped and when the client returns there is no session and the API returns that there is a captive portal, until there is accounting data for the session. This is a bit complex to resolve in larger networks because the CAPPORT API typically runs on the DMZ ClearPass used for Guest and the MAC Caching on an internal server handling the MAC Authentication. This behavior is described as you found, and in a future version this might be improved, but I'm not aware of that.
© Copyright 2023 Hewlett Packard Enterprise Development LPAll Rights Reserved.