
MAC Authentication accepted but captive portal keeps popping up

Hey

I have a guest portal that works in every way with phone number as username and SMS as code on initial login. I have 6 months as MAC auth expiry.

My problem is when MAC authentication is performed the next day when a user is trying to connect, it gets accepted and the CPPM user role is assigned, but the captive portal pops up on, for example, an Apple iPhone.

Can anyone help me out?

Regards
Jon

Re: MAC Authentication accepted but captive portal keeps popping up

Did you use the MAC caching wizard in ClearPass to build your services/policies/profiles?



Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA

Re: MAC Authentication accepted but captive portal keeps popping up

Yes, I think it fails here:

cppm-mac.JPG

It should hit the first-applicable which is "[Allow Access Profile], [GUEST Guest Profile]", but it goes to the next enforcement profile "[Allow Access Profile], [GUEST Captive Portal Profile]". I just cannot understand why.

Regards
Jon

Re: MAC Authentication accepted but captive portal keeps popping up

Can you share the post-auth profile (Guest Mac Caching Profile) assigned under the MAC caching service?

Also, can you share the role mapping for the MAC authentication service?

Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA

Re: MAC Authentication accepted but captive portal keeps popping up

Sorry for the late reply.

Here is the post-auth profile (Guest Mac Caching Profile):

postauth1.JPG

Here is the role mapping for the MAC authentication service:

rolemap1.JPG

Regards
Jon

Re: MAC Authentication accepted but captive portal keeps popping up

I see this now:

auth-attri1.JPG

Is this value set by the original form: guest_register with the field: expire_afer?

Regards
Jon

Re: MAC Authentication accepted but captive portal keeps popping up

When removing the following from the generated guest-mac-policy:

AND(Authorization:[Guest User Repository]:AccountExpired EQUALS false)
AND(Authorization:[Guest User Repository]:AccountEnabled EQUALS true)

Then everything works as expected. Users who have never authenticated get the captive portal; users with the mac-expiry-auth value set get MAC authentication.

Regards
Jon