New Contributor

Clearpass Guest with mac caching and Cisco WLC



Checking to see if anyone else has seen this type of issues with Cisco WLC & Clearpass guest:


I have setup an open guest wlan on a Cisco WLC with Layer2 mac-filtering , Layer3 Web Policy/"On Mac failure" pointing to external ClearPass captive portal.  

I used the templates to create the 2 services,

-one with mac authentication accept if exists, reject if doesn't exist

-WLC receives reject and sends user to Clearpass portal page to accept terms.

-CPM radius reject delay is set to 0


-The first time a user connects, the clearpass portal appears

-user accepts terms,

-instead of gaining access the Cisco internal web auth page appears.(no attributes set on endpoint)

-user refreshes the browser, the Clearpass screen appears.

-user accepts terms and gains access (attributes are set on endpoint)


This can easily be reproduced. I've opened a Cisco TAC but waiting to work on it with them.




Re: Clearpass Guest with mac caching and Cisco WLC

Can you please share the error message if any ?

Which attributes are you trying to use ?
Thank you

Victor Fabian
Lead Mobility Architect @WEI
New Contributor

Re: Clearpass Guest with mac caching and Cisco WLC

The templates set 2 attributes:

Guest Role ID

Username(which, in this case is the same for all guest because just accepting a policy)


There isn't an error, other than the reject when the user is connecting the first time and mac address isn't cached already.


To do a retest, we just clear the 2 attributes and can reproduce the problem.




Frequent Contributor II

Re: Clearpass Guest with mac caching and Cisco WLC

What Version WLC?

You need to consider doing it with Central WEB auth. (Like ISE). I hated doing to with the on-Mac-failure.
Search Airheads
Showing results for 
Search instead for 
Did you mean: