Security

 View Only
  • 1.  ClearPass URL Redirection

    Posted Nov 24, 2023 02:35 PM
    Hi

    I hope you are well. 
    I would like to make a query on how to create a profile in clearpass to send to open a page, what happens that I have users in quarantine vlan, but in addition to this I want to show the quarantine page that is hosted in the Guest of the CPPM.
    I understand that I can use the following:

    but when I put it in it does not redirect me anything, am I right or is there something else I should check or see?
     
    Thanks in advance.
    Patrick.


  • 2.  RE: ClearPass URL Redirection

    Posted Nov 24, 2023 06:51 PM

    i think the easiest way is to send the Aruba-user-role and that local role will have the URL to quarantine page which is hosted on ClearPass



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 3.  RE: ClearPass URL Redirection

    Posted Nov 24, 2023 07:08 PM

    Yes, I did that in the end, but I wanted to know why it didn't work or if there was something else to consider to make it work.
    I saw that some people put 'url-redirect= "web page"' and others don't use the initial, but neither way worked for me.
    Do you think there is a way to make it work with the enforcement profile?




  • 4.  RE: ClearPass URL Redirection

    Posted Nov 24, 2023 08:44 PM

    what is your NAD? is it a CX switch or Aruba controller or IAP?



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 5.  RE: ClearPass URL Redirection

    Posted Nov 27, 2023 12:16 PM

    Is it a cluster of IAPs in Central




  • 6.  RE: ClearPass URL Redirection

    Posted Nov 26, 2023 02:57 PM

    Never used that myself, but pretty sure that VSA doesn't work alone. I would suggest you also return aruba-user-role with a role that is limited identical to the "guest-logon" is - tho with no captive-portal config. 



    ------------------------------
    John-Egil Solberg |
    ACMX | ACCX
    ------------------------------



  • 7.  RE: ClearPass URL Redirection

    Posted Nov 27, 2023 12:17 PM

    Likewise, if it actually works, then can we conclude that by itself it doesn't work? 




  • 8.  RE: ClearPass URL Redirection

    Posted Nov 28, 2023 08:47 AM

    Correct. Need "aruba-user-role" also, or you can maybe get around it using some default role/default mac-role in the AAA mac-auth profile.. Just verify what role the user has. 

    You could just create different guest-logon-ROLEXYZ and attach different captive-portals to them.. Not sure what is easiest in your cast, as the role will still have to be created..  



    ------------------------------
    John-Egil Solberg |
    ACMX#316 | ACCX#902
    ------------------------------