
Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

MAC authentication for ClearPass Guest

  • 1.  MAC authentication for ClearPass Guest

    Posted Jun 19, 2014 10:42 AM

    Hi,

     

    I'm trying to get a test VAP using ClearPass Guest captive portal with MAC caching.

     

    I created a guest user and a web-login page in ClearPass Guest. Using the controller, I changed the captive portal to the page I just created.

     

    When I tried to log in to the captive portal, it worked with no error and I see the login being accepted by ClearPass, but I get redirected to the ClearPass portal, and when I try another website I get the captive portal login back.

     

    The second problem, which I see in ClearPass, is that the computer tries to authenticate using its MAC address, but is always rejected because the policy cannot match the username.

     

    ClearPass Policy Manager - MAC-error.png

    ClearPass Policy Manager - MAC-alert.png

     

    It seems to be failing to get the username even though it's clearly marked as the username being the MAC address.

    Anyone seen this?



  • 2.  RE: MAC authentication for ClearPass Guest

    Posted Jun 19, 2014 12:52 PM

     

    The initial MAC auth request is expected to fail if the MAC address hasn't been seen for the specified time (time cached) you configured in the enforcement policy.

     

    Make sure that you have Accounting enabled on the AAA profile and that the key between ClearPass (Devices > Controller IP address > Shared Key) and the controller (Radius Server > Shared Key) matches.

     

     



  • 3.  RE: MAC authentication for ClearPass Guest

    Posted Jun 20, 2014 08:48 AM

    I know that the first auth is supposed to fail. I see the machine MAC being added to the endpoint database. But I can't find the MAC anywhere else; it doesn't show up in the guest device list.

     

    I guess maybe the first part (web login) is the root of the problem. I configured 2 services, which added 3 services to my service page; see image below.

    ClearPass Policy Manager - services.png

     

    The web login service catches the guest user and password but it doesn't seem to add the client device to the guest database.

    The MAC address caching service would cache the device, I guess, but it doesn't catch the web login. If I remove the web login service, the captive portal login fails with reason: could not categorize the service.

     

    ClearPass Policy Manager - mac cache.png

     

    My guess is that one of the services is misconfigured, but I don't know which one. Thanks for your help.