Security

last person joined: 13 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass Guest Portal Working but radius request not sent by Virtual Controller

This thread has been viewed 10 times

  • 1.  Clearpass Guest Portal Working but radius request not sent by Virtual Controller

    Posted Nov 19, 2019 02:51 AM

    Setup:

    Clearpass 6.8.1 (radius server and guest portal)

    Virtual Controller AP 335 running 8.5.0

    APs managed by Aruba Central

     

    Problem:

    Clearpass Guest Portal works but I cannot see radius request coming from VC. 

     

    What's working:

    1. 802.1X Wifi Network with Clearpass as Radius Server

     2. VC as Guest Portal with Clearpass as Radius Server

     

    Saw this post:

    https://community.arubanetworks.com/t5/Security/Clearpass-captive-portal-working-but-no-radius-request/td-p/479721

     

    The workaround with the "Pre-Auth Check" does not work on my setup.

     

    Inputs appreciated.

     

    thank you,

     

     

     

     

     

     

     

     

     

     

     



  • 2.  RE: Clearpass Guest Portal Working but radius request not sent by Virtual Controller

    Posted Nov 19, 2019 08:15 AM
    Did you replace the default certificate in your IAP cluster ?

    Make sure the RADIUS shared key matches or that you have the correct NAD IP added in ClearPass, you can check in ClearPass under Event Viewer to see if that is the case.



    Thank you

    Victor Fabian

    Pardon typos sent from Mobile


  • 3.  RE: Clearpass Guest Portal Working but radius request not sent by Virtual Controller

    Posted Nov 19, 2019 08:25 AM

    Yes, we replaced the default certificate with a valid one.

    As per radius configuration; the cluster has an 801.1x wireless network

    with the Clearpass server as radius server which works fine. Also the cluster is also running an Internal Guest Portal with the same Clearpass server as radius server, this is running fine as well.

     

    The problem is when the guest portal is hosted with the Clearpass server.

    The weird thing is we have another site (different building) that runs a Clearpass hosted Guest Portal that works.  Both sites (the one that works and the one the doesn't) use the same Clearpass server as radius server.

     

    thank you for the reply.

     

     

     



  • 4.  RE: Clearpass Guest Portal Working but radius request not sent by Virtual Controller

    EMPLOYEE
    Posted Nov 26, 2019 03:55 PM

    Hi, 

    are you sure, the login credentials from the captive portal are send to the IAP? When hitting the submit/login button on the CPPM guest portal, we will use the default securelogin.arubanetworks.com address to send the credentials to the IAP. If you replaced the certificate on the IAP, what is the common name on in the vertificate and does this match with the domain in CPPM (Adress for vendor Product)? 



  • 5.  RE: Clearpass Guest Portal Working but radius request not sent by Virtual Controller

    Posted Nov 26, 2019 07:33 PM

    Yes, changed the URL of the web portal page.

    Also set "Pre-Auth" to "None."



  • 6.  RE: Clearpass Guest Portal Working but radius request not sent by Virtual Controller

    Posted Nov 26, 2019 09:35 PM

    we also tried the default certificate on the Virtual Controller together

    with securelogin.arubanetworks.com on the Clearpass Guest portal. That does not work as well.