Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass Guest integration with Cisco WLC

  • 1.  Clearpass Guest integration with Cisco WLC

    Posted Jun 24, 2022 12:19 PM
    I have integrated ClearPass with Cisco WLC. When we connect to the SSID we are redirected to the guest network login page; after login the page gets stuck at 1.1.1.1/login.html? as per the snap below. Could you please help with this? Thanks



    Error Snap:



  • 2.  RE: Clearpass Guest integration with Cisco WLC

    Posted Jun 24, 2022 02:10 PM
    As step one, do NOT use 1.1.1.1. That is a routable IP address (specifically Cloudflare). Please update it to use 192.0.2.1 and test again.


  • 3.  RE: Clearpass Guest integration with Cisco WLC

    Posted Jun 27, 2022 04:59 PM
    Hi, and after changing the address make sure the WLC's virtual IP is permitted in the captive portal ACL in the WLC.

    If you want, you can check this blog to integrate the Cisco WLC with ClearPass:
    https://wifi-networking-and-more.blogspot.com/2022/03/aruba-clearpass-how-to-configure-cisco.html

    Hope this helps.


  • 4.  RE: Clearpass Guest integration with Cisco WLC

    Posted Nov 27, 2023 07:29 PM

    Hello Ulises

    I'm having trouble configuring this.

    It seems everything goes fine. The client gets redirected to the portal, the client self-registers, they give him access, he accepts the access, and when he accepts it and is being redirected to the WLC again, this happens.

    The WLC virtual IP which is configured in the ClearPass is permitted in the access list.

    They are managing the controller through the management port. It seems you can ping that IP but that's it; they cannot access the controller or anything through that IP. The internal captive portal works fine and that's the IP used as the captive portal and it works fine, so I don't understand.

    The other thing I wanted to ask:

    I don't need a public cert in the Cisco WLC? Is it not like Aruba, where you need those? We don't want any trouble with certificate errors.

    From your manual we are just missing these steps; I don't know if you can confirm for me whether that's the whole problem.

    Why didn't I configure this? Because it seems it's a global config, and it seems their local Cisco support says that changing this could affect their internal captive portal, so changing this would require a maintenance window.

    Anyway, I thought it might not be necessary because you do the redirection in the WLAN profile in the L3 tab, but let me know, Ulises, please.

    Thanks 




  • 5.  RE: Clearpass Guest integration with Cisco WLC

    Posted Nov 28, 2023 08:42 AM

    Think you have the ClearPass login method configured incorrectly here. When doing controller-initiated you have to add the FQDN (actually the controller captive portal page linked to the virtual IP) which the HTTP form will submit username/password to. The client actually has to go to this address (don't think it has to be resolvable as the WLC has a bind for the cert CN to its virtual IP) and for HTTPS has to trust it before sending the username/pw. This will in turn trigger a new RADIUS request to ClearPass on a different service and then when validated will return a different ACL.

    Seems your redirect has an IP-address and that won't work when doing https.

    And yea - you want to be using HTTPS, and as long as you are using login method "controller-initiated" you will need public valid SSL certs on both ClearPass and WLC to avoid errors. If using server-initiated then you only need that on ClearPass. This setup is in the Cisco WLC world called CWA - Central Web Authentication.

    Some links for more information around this:

    https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/115951-web-auth-wlc-guide-00.html#toc-hId-325206534



    ------------------------------
    John-Egil Solberg |
    ACMX#316 | ACCX#902
    ------------------------------
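
The checks suggested in replies 2 and 5, written as an added Python example (not part of any post, and not Aruba or Cisco code): it flags a globally routable virtual IP, credentials posted over plain HTTP, an IP literal in an HTTPS login URL, and a login host that is missing from the WLC web-auth certificate names. The function names, finding labels, hostname and certificate name lists are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def _name_matches(host, pattern):
    """Exact match, or a single left-most wildcard label (*.example.com)."""
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern


def check_login_url(url, cert_names):
    """Return findings for a controller-initiated login URL.

    url        -- address the guest login form submits credentials to
    cert_names -- CN/SAN values of the WLC web-auth certificate (assumed input)
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    findings = []
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # host is a DNS name, not an IP literal

    # Reply 2: 1.1.1.1 is a real Internet address; 192.0.2.1 is not.
    if ip is not None and ip.is_global:
        findings.append("virtual-ip-is-globally-routable")

    if parts.scheme != "https":
        # Username/password would cross the guest WLAN unencrypted.
        findings.append("credentials-posted-over-http")
    else:
        # Reply 5: an IP address in the redirect is a problem with HTTPS,
        # and the client must trust the certificate for the host it visits.
        if ip is not None:
            findings.append("https-login-url-uses-ip-literal")
        if not any(_name_matches(host, n) for n in cert_names):
            findings.append("host-not-in-certificate-names")
    return findings


if __name__ == "__main__":
    # Constructed sample values; wlc-guest.example.com is a placeholder FQDN.
    for url, names in [
        ("http://1.1.1.1/login.html", ["1.1.1.1"]),
        ("https://192.0.2.1/login.html", ["192.0.2.1"]),
        ("https://wlc-guest.example.com/login.html", ["wlc-guest.example.com"]),
    ]:
        print(url, check_login_url(url, names))
```
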



  • 6.  RE: Clearpass Guest integration with Cisco WLC

    Posted Nov 29, 2023 05:54 PM

    Hello

    I do have the CN, which is the virtual IP address of the controller, set on the guest on the ClearPass.

    It's on controller-initiated HTTP,

    and I have the IP address of the virtual IP of the WLC controllers; that IP address is the one I see as the CN on the web authentication certificate on the Cisco WLC.

    Question: do the guest users need to have access to that IP address, which is the virtual IP address? Because right now I don't think they have it from the VLAN they are using for guest, and I'm not sure either whether the ClearPass has access to that IP address of the controller.

    That controller is managed with a management port and IP address.

    I will try with server-initiated to see if that works too; I haven't tried that.