Security

Hi,

I would like to configure the clearpass captive portal on a Aruba 2530 Switch. i found a guide in the "HPE ArubaOS-Switch Management and Configuration Guide for YA/YB.16.03" Page 202 . But i can`t get a serviceconfiguration on clearpass policymanager for this guest service. I need to create a Service under "Clearpass  Policymanager" Services, which pushes the redirect Policy to the Switch, when a gusts connects to a switchport.

Thanks

 

Your MAC Authentication service should return HPE-User-Role and HPE-Captive-Portal-URL VSAs for unknown users.

How should the policy look like for unknown users ? i always get a reject for the mac authentication on clearpass.

I`ve attached screenshots of my clearpass configuration

You need to use Allow All MAC Auth as your auth method and set your captive portal user-role as the default profile for your enforcement policy.

 

 

HI, Thank you for the Update, i`ve got now a working redirect. But my Authentication rule for registered guests doesn`t work. i`ve attached screenshots of my configuration, thanks

Can you elaborate on “doesn’t work’?
Can you post screenshots of the access tracker request tabs.

Hi,

the service, i`ve created doesn`t match, after my login with a guestaccount on the portalpage, only the Service "wired mac" matches (i`ve attached a screenshot of my services). the Service "Wired GAST_MAC User Authentication with MAC Caching" should match. But maybe the Service ist not correctly configured..

Can you post screenshots of the access tracker request tabs?

HI, here`re the screenshots of the accesstracker.

I `ve created a guestvoucher on clearpass guest, and connectet a notebook to the auth ports, get the redirect to the clearpass guestporatal, and insert my guest testaccount. The name of the testguest is "werner@test.de" But i have no service, which matches for webauth. And i have no idea, how does the service for the webout should look like... Thanks

Have you reached out to your Aruba ClearPass partner?

 

Create a new "Web-based Authentication" service.

Host	CheckType	EQUALS	Authentication
Connection	Src-IP-Address	EQUALS	127.0.0.1

Use the Guest User Repository as the authentication source.

Use [Guest Roles] for role mapping.

Create an enforcement policy with a rule that uses the CoA Bounce Host port and also create an enforcement profile to update the endpoint attributes.

Hi i haven`t reached out my cleapass partner.

I´ve attached two screenshots of my wireless gustconfiguration with mac caching, so i have to update the attributes of the endpoint, and build a mappingrule for these values?

Thanks