Security

Hi All,

I am working on Clearpass guest, i implemented all the scenario but the issue is when i am trying to login by username and password i received an error "Authentication Failed". I tried to create a new account from the same login page and the account was created successfuly as i confirmed from the CPPM. 

But when i tried to login with the same username and password again i received the same error. Below are the sanpshots from the configuration i did.

1. Group = Universities

2. VAP = guest_uni_vap_pro

3. AAA Profile = guest_uni_aaa_pro,

SSID Profile = guest_uni_ssid_pro

 

4. AAA initial Role = guest_uni_aaa_init_role

 

5.  user role guest_uni_aaa_init_role 

 

access-list List
----------------
Position Name Type Location
-------- ---- ---- --------
1 global-sacl session
2 apprf-guest_uni_aaa_init_role-sacl session
3 logon-control session
4 cppm_red_acl session
5 captiveportal session

---------------------------------------------------------------------------------

 

6. Default Role (L3 Authentication)

 

access-list List
----------------
Position Name Type Location
-------- ---- ---- --------
1 global-sacl session
2 apprf-guest_uni_aaa_init_role-sacl session
3 logon-control session
4 cppm_red_acl session
5 captiveportal session

--------------------------------------------------------------------------------

 

Please support me.

 

For guest, you should not have an 802.1X server group defined.

The ClearPass server-group should be defined in your captive portal profile.

Thanks Cappalli,

 

I checked my configuration and i found that i didn't add Captive Portal Profile in L3 Authentication Default Role. I added but the repsonse is same authentication failed. Below are the snapshots for your review.

 

 

 

Your Mac auth server group shows default. Should be your cppm server

I added the MAC Authentication Server Group but the facing same issue. 

Waseem,

 

Could you share authentication failed access tracker log, if it is not possbile , please open TAC ticket.

 

Regards,

Pavan

Hi Pavan,

 

Thanks for reply. Actually i didn't see any thing in the Access Tracker. I didn't see any authentication request hits the clearpass. If you check my first post there i mentioned that the user is created successfuly but the problem is authentication failed but here the strange thing is i didn't not see any thing in the access tracker and no authentication hits the clearpass.

I have attached clearpass and aruba wireless integration guide which provide steps for .1x and Guest authentication.

 

I understand that authentication request itself not coming on to CPPM, have you added controller IP to clearpass?

 

If you have added controller ip in cppm then something configuraiton mismatch on controller, check the Tech document.

 

Regards,

Pavan

 

If my post addresses, your query give kudos:)

Thanks for the Guide. I follow the same guide during configuration. Now i don't have access to controller and clearpass, today i will cross check and update you.

Hi,
If you are not getting any hit in access tracker then please check event viewer in Clearpass.

Hi Milind,

 

Thanks to you and all who support me. My problem was resolved, actually that time i did not configure clearpass guest web login and i did not added the MAC Authentication Server.