Security

Reply
Frequent Contributor II

Re: CPPM and captive portal

Double checking all of the controller config now. Would

 

http://x.x.x.x/guest/guest_register_login.php

 

still be the correct web url for the login page?

Re: CPPM and captive portal

It sounds suspiciously like it is trying to auth against the controller InternalDB.  Where did you put the server-group that has Clearpass in it?

 

It needs to be in the captive-portal profile configuration.  If you are using the mach-caching with Clearpass, you need to put it as the 'mac-auth server-group' within the aaa-profile as well.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294
Frequent Contributor II

Re: CPPM and captive portal

I agree on all points made: it is not trying to talk with AD/Radius.  But why?

 

Here's what I have from a flow chart perspective thus far:

 

Initial role = CPG-login ; this gives the Captive Portal Profile = ClearPass_CP

ClearPass_CP --> login page = http://x.x.x.x/guest/guest_register_login.php as well as Server Group = ClearPass (with CPPM server in it)

Since ClearPass server/server group works with .1x, I do not believe that is the issue.

 

Does the Policy Simulation work in CPPM?  I'm trying to make sure it hits my Service but I cannot get it to answer anything other than no policy matches.

 

Service Rule (default for guest with MAC)

IETF - Calling-station-Id - exists

Connection - Client-MAC-Address  <> %{Radius:IETF:User-Name}

Aruba - Aruba-ESSID-Name = OURssid

 

 

 

 

 

Highlighted
Frequent Contributor II

Re: CPPM and captive portal

Found the issue.  It is hidden way down deep.  Took multiple Aruba engineers + others to finally find it.

 

You have to turn off Pre-Auth in the guest management "NAS login".  Since AD is an external source, you don't do the pre-auth.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: