Occasional Contributor II

Access Denied error on controller after ClearPass captive portal redirect.



I have an issue described in the following article.


However my issue is not the allowed ports. My issue is vrrp address. 


Network setup as bellow. 

Two controllers in active-hotstand by mode and vrrp ip is configured on vlan 3 (AP vlan).

Controllers has IP addresses configured on vlan 2 (mgt) and ClearPass also on vlan 2.


ClearPass is a cluster of 2x CP500 boxes and access via VIP.  ClearPass configured google social login.  

Both controller and clearpass have FQDNs and ssl certificates installed to avoid trusted issues with captive portal. 


Whe user login to guest network it will redirect to cleapass captive-portal web page where user click on G+ button to login with google account. once succes authenticate with google, clearpass add user data to local database and send login request back to the controller. This is the point controller giving error DNS name followed by "/cgi-bin/login?errmsg=Access%20denied".


Controller DNS name is mapped to VRRP IP address. When I replace this with active master controller VLAN 2 IP address on CPs web-logins page settings it works. (expect giving untrusted error).


How can I resolve this to use the vrrp address. 


PS.  On controller config used vrrp address as NAS IP for clearpass and on ClearPass used same IP address to create Network Device.


Thanks in advance 








Search Airheads
Showing results for 
Search instead for 
Did you mean: