Hello
It is possible to configure mac caching on this scenario:
1 gateway managed by aruba central with Aruba OS 10 on tunnel mode
Im trying to do it but with no luck. i got the same scenario but instead of using gateway and central *i just use and instant with OS8 and it works just fine.
I also tried configuing mac caching with cloud authentication and hte Tac told me that on tunnel mode it was not possible, and i had to do it on bridge mode. On bridge mode worked. He told me that it should work with clearpass on tunnel mode but im unable to do it
Anyways the configuration is the fallowing
I have a group of APS
And another group for the gateway
I go to the group of APs i add the SSID of the guest network i add the guest vlan i hit and put tunnel mode and i select the cluster, on security i slide to visitors, i click to external captive portal, i seclect the captive portal profile, which i put the hostname and the /guest/landingpage.php of the clearpass, i select my clearpass as primary server, i hit on mac authentication for the mac caching, and the accounting use the authenticated srver, then just click next next finish.
I was checking on the gateway group if something was missing i mean the mac authentication config but it seems there, it seems that it does that all automatically.
I also uploaded the cert to aruba central then assigned it to the gateway group on the captive portal certificate
I dont know what im missing, but i doubt is something on the clearpass, i think its something on the aruba central, gateway end.
The certificate on the clearpass is there, the 2 services for the mac authentication, also self registration page all is already done.
Any ideas what i could missing? when i see the access tracker i get something like this
Policy server |
Failed to construct filter=SELECT CASE WHEN expire_time is null or expire_time > now() THEN 'false' ELSE 'true' END AS is_expired, CASE WHEN enabled = true THEN 'true' ELSE 'false' END as is_enabled FROM tips_guest_users WHERE ((guest_type = 'USER') AND (user_id = '%{Endpoint:Username}') AND (app_name != 'Onboard')). Failed to get value for attributes=[AccountEnabled, AccountExpired] |
RADIUS |
[Endpoints Repository] - localhost: User not found. Applied 'Reject' profile |
It seems like tips roles its never equal to [Guest] (i used the mac caching template to build it)
But like i said i have a lab that works fine with instant and aruba os8 with the same rules on the clearpass but does not work with the aruba os10 on tunnel mode with aruba central and the gateway