Security

Hi, I'm configuring Guest with MAC Caching on CPPM with IAP. I'm having the following issue. On first connection, guest is redirected to captive portal. MAC AUTH fails and shows up in Access Tracker. If a valid and active account was created manually and if the guest logins with that account, he/she is prompted to login again. No log is seen in Access Tracker. Only when the guest self-registers can he access the network. But when MAC-AUTH expires and he is redirected back to the captive portal, using the previously self-registered account (still valid and active), same problem is encountered, i.e. cannot login and no log of failed authentication in Access Tracker. Again, if guest self-registers then access to network is granted. In the configuration of the guest MAC Caching service, the [guest user repository] is specified as an Authorized Source. Appreciate your advice.

Thanks.

Can you please share hows your Role Mapping and policy is configured ?

And also share the access tracker entry ?

Hi victor, I attach the configuration as well as capture of the process. If I enter the manually created credentials, the browser just opens another tab and redirects to the captive portal. No error message seen (i guess that's why no log in Access Tracker). Thanks very much

Sorry, Victor.I can't seem to be able to attach a pdf or doc file. I will try again..

Hi Victor, please see access tracker and service configuration. Thanks and sorry for the delay. Appreciate your advice.

Did you loook at the ASE solution to make sure you IAP config is correct?

https://ase.arubanetworks.com/solutions/id/37

Hi Troy, 

Thanks for the URL link. Yes, the IAP configuration is similar to the one shown on the ASE solution, i.e. CPPM is configured as RADIUS, with CPPM as the external captive portal as well, MAC Auth enabled and two guest roles (pre-auth and default). The only difference is that on CPPM, under 'Authentication Settings' I did not choose HTTPS as I was also testing Onboarding using private certificate. 

Cheers, Simon