Security

Reply
Highlighted
Moderator

Re: Captive Portal Redirects to login after sucessful auth

Are these virtual or hardware appliances?

 

If virtual, are your vSwitches configured to Accept Forged Transmits?

 

vmware-forged-tx.JPG



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted

Re: Captive Portal Redirects to login after sucessful auth

They're physical appliances.


Cheers
James
----------------------------------------------------------------------
--------------------------@whereisjrw--------------------------
---------------------------------blog-------------------------------
ACCX #540 | ACMX #353 | ACDX #216 | AMFX #11
----------------------------------------------------------------------
----------------------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Highlighted

Re: Captive Portal Redirects to login after sucessful auth

Both ClearPass instances think they're the active virtual IP host.

 

2014-09-03 09_49_49-ClearPass Policy Manager.png

 

We've removed and re-added the virtual IP setting to no avail. Dell and Aruba TAC are investigating.


Cheers
James
----------------------------------------------------------------------
--------------------------@whereisjrw--------------------------
---------------------------------blog-------------------------------
ACCX #540 | ACMX #353 | ACDX #216 | AMFX #11
----------------------------------------------------------------------
----------------------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Highlighted

Re: Captive Portal Redirects to login after sucessful auth

Removed Virtual IP settings

Removed standby publisher settings

Dropped subscriber

Ran make subscriber

Added virtual IP settings

Checked and both nodes still show as the current node of virtual IP.

 

Anyone else running virtual IP settings??


Cheers
James
----------------------------------------------------------------------
--------------------------@whereisjrw--------------------------
---------------------------------blog-------------------------------
ACCX #540 | ACMX #353 | ACDX #216 | AMFX #11
----------------------------------------------------------------------
----------------------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Highlighted

Re: Captive Portal Redirects to login after sucessful auth

The only time I have seen that issue is where there is a firewall between and the heartbeat is being blocked between the cluster from the subscriber.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Highlighted
MVP

Re: Captive Portal Redirects to login after sucessful auth

Installed the same setup you have at a customer site with VIP - no problems.
You sure there is wide open Layer2 connection between those two boxes? Just asking since problems in that area could give those symptoms.

Regards
John Solberg

-ACMX #316 :: ACCX #902 :: ACSA
Aruba Partner Ambassador
Intelecom/NetNordic - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Highlighted

Re: Captive Portal Redirects to login after sucessful auth

Customer assures me there's no firewall between the clearpass instances. They're both on the same VLAN within the same building. 


Cheers
James
----------------------------------------------------------------------
--------------------------@whereisjrw--------------------------
---------------------------------blog-------------------------------
ACCX #540 | ACMX #353 | ACDX #216 | AMFX #11
----------------------------------------------------------------------
----------------------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Highlighted

Re: Captive Portal Redirects to login after sucessful auth

UPDATE!

 

To rule out the wired infrastructure we patched both ClearPass instances into the same switch. We still saw the same behaviour though.


Tried patching both ClearPass into another switch and boom! Well not boom, but VRRP started working as expected.

 

Looked like an issue with the Dell switch the customer was using.

 

Switch model Dell N2048P 
Firmware 6.0.1.3
 
We patched 1 ClearPass back into the Dell switch and VRRP immediately stopped working normally. E.g. both ClearPass instances believed they were the primary for the virtual IP.
 
We showed Dell who replicated it in their lab. 
 
After some time Dell provided a workaround which is to disable IGMP Snooping on their switch.
 

console (config)# no ip igmp snooping

console (config)# end

 

Cheers

James


Cheers
James
----------------------------------------------------------------------
--------------------------@whereisjrw--------------------------
---------------------------------blog-------------------------------
ACCX #540 | ACMX #353 | ACDX #216 | AMFX #11
----------------------------------------------------------------------
----------------------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.

View solution in original post

Highlighted
MVP

Re: Captive Portal Redirects to login after sucessful auth

Well done! Thanks for providing the solution to this problem.


Regards
John Solberg

-ACMX #316 :: ACCX #902 :: ACSA
Aruba Partner Ambassador
Intelecom/NetNordic - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Highlighted

Re: Captive Portal Redirects to login after sucessful auth

Additional information...

 

Clearpass is using UCARP not VRRP to share a common virtual IP address between instances.

 

Currently Dell switches (see details below) do not support the UCARP protocol. 

As mentioned disabling IGMP snooping is a workaround to get this working.

 

UCARP has been put forward as a feature request.

 

Switch details:

Dell Networking N2048P

OS 6.0.1.3

 

May not be limited to this model and OS.


Cheers
James


Cheers
James
----------------------------------------------------------------------
--------------------------@whereisjrw--------------------------
---------------------------------blog-------------------------------
ACCX #540 | ACMX #353 | ACDX #216 | AMFX #11
----------------------------------------------------------------------
----------------------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: