Security

last person joined: 15 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

AOS8 and clearpass portal guest

This thread has been viewed 2 times

  • 1.  AOS8 and clearpass portal guest

    Posted Feb 19, 2020 05:20 AM

    Good Morning all

     

    We are int the end fase of implementing a wireless network.

    Now is time for guest..

    we have AOS8 cluster installed and Clearpass version 6.8 ( cluster)

    We configured the guest wlan on th MC node and create the guest authentication with mac on Clearpass.

    The DHCp is on the client side and the default GW is a CHeckpoint Firewall

     

    We are not getting captive portal , and checking the FW logs we see that is address spoofing. 

    As I understand when we are connected to the guest , we get IP address but we are not redirected to the portal. on the chekpoint I only see drops from my client IP address ( IOS device for example)

    IS there anything that could be done on the Aruba solution or we should config the FW to permit the client to come inside again on traffic.

     

    Hope I cloud explain it good for understanting.


    Regards

     



  • 2.  RE: AOS8 and clearpass portal guest

    Posted Feb 19, 2020 08:23 AM
    A couple of things:
    - In the controller side make sure you assign a static IP under guest VLAN
    - Need to allow 443/80 to ClearPass on your controller logon role
    - allow port 443/80 on your firewall to ClearPass

    Is there a route to ClearPass from your firewall ?
    Are you redirecting the guest user to the URL using the FQDN ? If so what DNS server will the guest user use ?




    Thank you

    Victor Fabian

    Pardon typos sent from Mobile


  • 3.  RE: AOS8 and clearpass portal guest

    Posted Feb 19, 2020 08:35 AM

    Hi Victor

     

    guest Vlan settings are manage on the client side. Do I need static IP on controller? 

    I do not have it for the corporate wlans. Only vlan ids. 

    Also Dhcp is managed by the client infrastruture and dns are client ones. Guest will use those dns. 



  • 4.  RE: AOS8 and clearpass portal guest

    Posted Feb 19, 2020 09:15 AM
    For the captive portal redirect to work , you need to have a static IP assigned under the Guest VLAN (L3 Interface)

    Sent from Mail for Windows 10


  • 5.  RE: AOS8 and clearpass portal guest

    Posted Feb 19, 2020 10:37 AM

    Ok,

     

    But we have L3 configured on the FW to that Vlan Guest. ( .254)

    You are saying that i should have one ( .253 ) on the controller side is that?

     

    Regards



  • 6.  RE: AOS8 and clearpass portal guest

    Posted Feb 19, 2020 10:46 AM
    Yes you to assign one to the controller(s)



    Thank you

    Victor Fabian

    Pardon typos sent from Mobile


  • 7.  RE: AOS8 and clearpass portal guest

    Posted Feb 19, 2020 11:19 AM

    Great,

     

    We get the portal now thanks

     

    Now just need to check the service under clearpass.

    It stays saying "please wait while we log you in " , after credential entered.

     

    Thanks for the help 

    Regards