Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass Captive portal and Aerohive.

  • 1.  Clearpass Captive portal and Aerohive.

    Posted Feb 12, 2019 11:58 AM

    I tried to set up Clearpass as a Weblogin and Radius for guest on Aerohive.

    Followed the instructions as in document https://community.arubanetworks.com/t5/Security/Tutorial-Aerohive-Integration-with-Clearpass-corp-and-guest-mhc/td-p/149134

    In basic Clearpass weblogin settings

    • Vendor type Aerohive
    • Secure login – use https
    • IP address – 1.1.1.1
    • Password Encryption – No encryption
    • Aerohive is set up to redirect client to Clearpass login page.

     

    • Client @ login gets the correct login page.
    • username password entered
    • Client is stuck in https://1.1.1.1.reg.php
    • No Radius request initiated from Aerohive AP.
    • No HTTPS POST seen from Clearpass to client.
    • Also tried another address for 1.1.1.1; there are some discussions on using this address (I used 1.1.1.3).
    • Don't know what php is; expect this to be a script on Aerohive.

     

    Found a very, very old article on

    https://getsatisfaction.com/aerohive/topics/external_cwp/

    With these settings it works.

    In my opinion this is the same setup as the above setup.

    Only difference: the vendor settings are changed from Aerohive to Custom settings

    • Custom settings
    • Submit URL = http://1.1.1.3/reg.php
    • Submit Method: POST
    • Username Field
    • Password Field: password.

     

    My questions are:

    • Is the vendor setup for vendor Aerohive broken, or am I making a mistake?
    • What is reg.php?
    • Any experience with setting up Weblogin page and vendor selection Aerohive?

     



  • 2.  RE: Clearpass Captive portal and Aerohive.

    EMPLOYEE
    Posted Feb 12, 2019 10:22 PM

    I ran into this recently and it ended up being that the URL to submit credentials to was not the documented 1.1.1.1. What we found was in some of the web-auth requests coming from Aerohive to CP we saw a Radius value of Application:WebLoginURL:NAS-IP-Address and that contained the IP address we needed to submit credentials to. I would check that. 



  • 3.  RE: Clearpass Captive portal and Aerohive.

    Posted Mar 27, 2019 05:06 AM

    Hello, I'm trying to set up the same thing on my corporate network.

    With preconfigured Aerohive settings and using the UAM shared secret, the captive portal works with sponsoring. But the "already have an account, login" part does not work. I have an OK in Clearpass for auth, but I'm stuck at the 1.1.1.1 or 1.1.1.3 address with no connection to the network.

     

    If I try the above custom settings it fails with an "internal error 500 error"

     

    Has anyone been able to fix this?



  • 4.  RE: Clearpass Captive portal and Aerohive.

    EMPLOYEE
    Posted Mar 27, 2019 08:27 AM

    Look at the Web-Auth entries in Access Tracker, look for the Radius details, and see what the IP is for Application:WebLoginURL:NAS-IP-Address. I found that it's not always 1.1.1.x.

     

    The IP in Application:WebLoginURL:NAS-IP-Address would be the IP you need to post credentials to.