Hi,
I configured a captive portal in Aruba Controller 6.5.4.3. The external captive portal (Clearpass) is shown but the RADIUS auth-request packet is not sent by the controller, as shown by stats, i.e.
"show aaa authentication-server radius statistics" counters for our RADIUS group are not incremented. No events or tracking issues are seen at CPPM. If you use the "radius test" on diagnostics controller's section it works, counters are incremented and the request reaches CPPM.
On the other side, "IP address" field in Clearpass NAS vendor settings for Clearpass portal is a name (network-login.xxx.org), whose server certificate is already installed on the controller:
crypto-local pki ServerCert certificadonetworklogin network-login.xxx.org.p12
Any clue? Why the radius group is not used by the captive-portal profile? The controller should intercept the POST and generate the RADIUS request.
This is the configuration of the aaa profile for the virtual-ap:
show aaa profile aaa-prof-portal-FORM-PROF
AAA Profile "aaa-prof-portal-FORM-PROF"
------------------------------------------
Parameter Value
--------- -----
Initial role FORM_PROF_preauth
MAC Authentication Profile N/A
MAC Authentication Default Role guest
MAC Authentication Server Group default
802.1X Authentication Profile N/A
802.1X Authentication Default Role guest
802.1X Authentication Server Group N/A
Download Role from CPPM Disabled
Set username from dhcp option 12 Disabled
L2 Authentication Fail Through Disabled
Multiple Server Accounting Disabled
User idle timeout 1800 sec
Max IPv4 for wireless user 2
RADIUS Accounting Server Group radius_form_profes
RADIUS Roaming Accounting Disabled
RADIUS Interim Accounting Enabled
XML API server N/A
RFC 3576 server N/A
User derivation rules N/A
Wired to Wireless Roaming Enabled
SIP authentication role N/A
Device Type Classification Enabled
Enforce DHCP Enabled
PAN Firewall Integration Disabled
Open SSID radius accounting Disabled
------------------------------------------------------
------------------------------------------------------
user-role FORM_PROF_preauth
captive-portal "FORM_PROF-Portal"
access-list session global-sacl
access-list session apprf-FORM_PROF_preauth-sacl
access-list session logon-control
access-list session captiveportal
!
aaa authentication captive-portal "FORM_PROF-Portal"
default-role "rol_profesor_edu"
server-group "radius_form_profes"
guest-logon
no logout-popup-window
max-authentication-failures 3
login-page "https://myclearpass.xxx.org/guest/portal_login.php"
welcome-page "http://www.google.com"
white-list "CPPM_Lista_Blanca"
!
---------------------
aaa server-group "radius_form_profes"
auth-server grad-prepro-01
!
------------
aaa authentication-server radius "grad-prepro-01"
host "172.22.13.27"
key xxxxxxxxxxxxxxxxxxxxx
source-interface vlan 478 ip6addr ::
Thanks in advance