07-19-13 Expert Day

Aruba Employee

How does captive portal authentication really work with ClearPass Guest?


How does captive portal authentication really work? What communication does each device initiate: the client device, ClearPass Guest, and the RADIUS client (controller, IAP)?



The authentication process behind a ClearPass Guest (CPG) login is not necessarily intuitive. Understanding what each device sends to the others is very helpful when troubleshooting a captive portal login issue. The workflow is best described in the flowchart shown below. The most frequent misconception is that ClearPass initiates the communication with the controller to log in the user. This is incorrect. The client initiates the controller authentication by posting directly to the controller, as seen in the flowchart under "Automated NAS Login". When the controller receives the post from the client, it triggers a RADIUS request to ClearPass Guest.
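
For troubleshooting, the message order described above can be checked against a summary of what was captured at each device to find the first hop that never happened. This is an added example, not part of the original article or any Aruba tooling; the device labels, the trace format, hop 1 (the guest submitting the ClearPass Guest login page) and hop 4 (the RADIUS reply) are assumptions.

```python
"""Locate the hop where a captive portal login stalls (added example)."""

# Expected message order. Hops 2 and 3 are the ones the text describes;
# hops 1 and 4 are assumptions added to make the sequence complete.
EXPECTED_HOPS = [
    ("client", "clearpass_guest", "http"),        # 1. guest submits the login page
    ("client", "controller", "http"),             # 2. Automated NAS Login: client POSTs to controller
    ("controller", "clearpass_guest", "radius"),  # 3. controller sends the RADIUS request
    ("clearpass_guest", "controller", "radius"),  # 4. RADIUS reply
]


def first_missing_hop(trace):
    """Return the first expected hop not seen in order, or None if all occurred.

    `trace` is a time-ordered list of (source, destination, protocol) tuples,
    for example summarised from packet captures taken at each device.
    """
    position = 0
    for hop in EXPECTED_HOPS:
        try:
            # Search only after the previously matched hop to enforce ordering.
            position = trace.index(hop, position) + 1
        except ValueError:
            return hop
    return None


def clearpass_initiated_login(trace):
    """True if ClearPass sent anything to the controller before the controller's
    RADIUS request, which is the misconception the text rules out."""
    request = ("controller", "clearpass_guest", "radius")
    end = trace.index(request) if request in trace else len(trace)
    return any(src == "clearpass_guest" and dst == "controller"
               for src, dst, _ in trace[:end])


# Constructed sample traces (not real captures).
COMPLETE = [EXPECTED_HOPS[0], EXPECTED_HOPS[0], *EXPECTED_HOPS[1:]]
NO_NAS_POST = [EXPECTED_HOPS[0], EXPECTED_HOPS[0]]   # client never posted to the controller
NO_RADIUS = [EXPECTED_HOPS[0], EXPECTED_HOPS[1]]     # controller never queried ClearPass

if __name__ == "__main__":
    for name, trace in [("complete", COMPLETE), ("no NAS post", NO_NAS_POST),
                        ("no RADIUS", NO_RADIUS)]:
        print(name, "->", first_missing_hop(trace))
```

A result of `("client", "controller", "http")` points the investigation at the client's post to the controller rather than at ClearPass, which matches the flow the article describes.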