New Contributor

192.0.2.1/login.html?redirect error with Cisco WLC - CLEARPASS

Hello,

Recently I tried to configure a virtual Cisco WLC with ClearPass. I have created a guest SSID, and when a client connects to it he is successfully redirected to the ClearPass self-signed portal. There the user can self-register and he receives the receipt from ClearPass. When I press the "Login" button to continue, I get the address https://192.0.2.1/login.html?redirect in the browser and I cannot continue. In addition, I cannot see any RADIUS messages arriving at ClearPass in Access Tracker.

 

The problem is surely not in the RADIUS configuration of the Cisco WLC, because I have another WLAN, "corporate ssid", where I use 802.1X for authentication and I receive RADIUS messages.

 

In the self-registration captive portal I have configured the following fields:

Vendor Settings = Cisco Systems

Login Method = Controller Initiated

IP address = 192.0.2.1 (the virtual interface of the controller; I have also verified that the webauth certificate of the WLC has CN=192.0.2.1)

Pre-Auth Check = none - no extra checks will be made

 

I also tried the same configuration using an FQDN, i.e. guest.domain.gr: using DNS Host Name, changing the webauth certificate to have CN=guest.domain.gr, and creating a DNS entry for guest.domain.gr -> 192.0.2.1. Again I had the same result.

 

Has anyone met this problem? I have spent a couple of days on it and I cannot understand why this happens.

 

Aruba

Re: 192.0.2.1/login.html?redirect error with Cisco WLC - CLEARPASS

Are you running server initiated (depending on IOS version you cannot use controller initiated), and did you verify that you are using the correct port for CoA?

 


Thank You,
Troy

New Contributor

Re: 192.0.2.1/login.html?redirect error with Cisco WLC - CLEARPASS

I am running controller initiated because I do not use an IOS switch but a Cisco wireless controller. Should it be "server initiated"?

In the RADIUS configuration of the Cisco wireless controller I have enabled CoA. It should be the default port. I can check it and get back to you.
New Contributor

Re: 192.0.2.1/login.html?redirect error with Cisco WLC - CLEARPASS

So, about the CoA port: the Cisco wireless controller uses UDP 1700. I tried a CoA manually and I succeeded.

Initially I wanted to create a guest portal with the ClearPass service "guest with MAC caching". This has as a requirement to use controller initiated, and the wireless controller communicates with ClearPass over RADIUS.

I tried your way (server initiated), which I had implemented for wired web auth, and I actually received RADIUS messages. Good news, but because ClearPass extracts the credentials and sends them to itself, I need a webauth, a CoA, and later to match a MAC authentication service. The CoA did not succeed when I tried to run it through a service. I tried Cisco Reauthenticate Session.

Could anybody help?
