Wireless Access

 View Only
  • 1.  Windows not redirecting to portal

    Posted Feb 28, 2024 04:43 PM

    I have recently setup Guest Authentication with MAC caching on Clearpass to work with Cisco 9800 wireless controllers. (Quite a dev process).
    When users connect to the guest network, Clearpass checks to see if their mac address is "Known" in the Endpoints Repository. If it is not known then the default Enforcement Profile gives them the ACL and Redirection URL to a ClearPass Portal.
    Most devices are working up to this point and redirect correctly. But Windows laptops are not.
    Windows gets an IP address and the correct DNS servers, etc. But, they CANNOT resolve URLs.
    Again, all other devices are working and DNS works properly, its just Windows laptops.
    Because they cannot resolve DNS, they cannot get to the portal.
    We are using enterprise openDNS servers with Cisco Umbrella for wireless users.
    Has anyone seen something like this before? And, were you able to resolve it?
    Does anyone have something to try, because I am out of ideas.
    Thanks!
    Bob



  • 2.  RE: Windows not redirecting to portal

    Posted Feb 29, 2024 10:50 AM

    Are you able to browse to the Captive Portal site with the CPPM host IP instead of FQDN?

    What does you Enforcement Profile look like? If DNS is being blocked, the Cisco 9800 or Upstream firewall would be enforcing those rules. 



    ------------------------------
    If my post was useful, please Accept Solution and Give Kudos.
    ------------------------------
    Zak Chalupka
    Principal Engineer - HPE Aruba
    ACDX | ACMP | ACSP | ACCP
    wifizak@hpe.com
    ------------------------------
    Ideas expressed here are solely my own and not necessarily that of HPE Aruba.
    ------------------------------



  • 3.  RE: Windows not redirecting to portal

    Posted Mar 01, 2024 06:10 PM
    Edited by bob.akers Apr 01, 2024 07:04 PM

    Thank you for replying to my post.

    It is very strange in that DNS seems to eventually work. But it will take up to 5 minutes sometimes.

    Sometimes it is instantaneous.

    We have rebooted our DNS servers today, I'll continue to test.