Frequent Contributor II

Re: CPPM and captive portal

Double checking all of the controller config now. Would




still be the correct web url for the login page?

Re: CPPM and captive portal

It sounds suspiciously like it is trying to auth against the controller InternalDB.  Where did you put the server-group that has Clearpass in it?


It needs to be in the captive-portal profile configuration.  If you are using the mach-caching with Clearpass, you need to put it as the 'mac-auth server-group' within the aaa-profile as well.

If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294
Frequent Contributor II

Re: CPPM and captive portal

I agree on all points made: it is not trying to talk with AD/Radius.  But why?


Here's what I have from a flow chart perspective thus far:


Initial role = CPG-login ; this gives the Captive Portal Profile = ClearPass_CP

ClearPass_CP --> login page = http://x.x.x.x/guest/guest_register_login.php as well as Server Group = ClearPass (with CPPM server in it)

Since ClearPass server/server group works with .1x, I do not believe that is the issue.


Does the Policy Simulation work in CPPM?  I'm trying to make sure it hits my Service but I cannot get it to answer anything other than no policy matches.


Service Rule (default for guest with MAC)

IETF - Calling-station-Id - exists

Connection - Client-MAC-Address  <> %{Radius:IETF:User-Name}

Aruba - Aruba-ESSID-Name = OURssid






Frequent Contributor II

Re: CPPM and captive portal

Found the issue.  It is hidden way down deep.  Took multiple Aruba engineers + others to finally find it.


You have to turn off Pre-Auth in the guest management "NAS login".  Since AD is an external source, you don't do the pre-auth.

Search Airheads
Showing results for 
Search instead for 
Did you mean: