Security

Hi.

I'm trying to setup wireless network for guests on Cisco 2504 WLC and I want to use captive portal on ClearPass (trial version) with self-registration. Because there so many options on ClearPass, I'm confused of how to configure controller and ClearPass and if it's necessary to use RADIUS. Right now I'm able to connect to guest network, request is redirected to captive portal where I can register. After registration, I can sign in successfully but then I'm redirected to 1.1.1.1 and I have no Internet access.

Can someone give me instructions/guides how to set it up or where to look to find out why it's not working?

You may have already looked but the user guide is here.

Yes, I've already looked at user guide 6.5 (because this is the version I'm using) but it seems there are only general information. There are no details regarding my setup.

You will need to add ClearPass for Radius Authentication and Accounting.

Are you using Mac Caching ?

I've already got RADIUS configured but I don't know if I have to associate it with Captive Portal.

I didn't configure MAC Caching so it depends if it's enabled by default.

Over in ClearPass Guest, you need to make sure that you changed the NAS Login to Cisco for the Guest Self-Registration page.

Some info about the Guest Login process:

When you login, there are two things happening:

1. Pre-auth check (we check to make sure the account is valid and not disabled)
2. NAS Login (your browser does a POST to the Login Form on the controller at 1.1.1.1)

When number 2 occurs, the controller should generate a RADIUS request to ClearPass.

Other than that, you should be all set, as long as the request from the WLC hits the appropriate service in CPPM based on the service rules.

Thanks,

Zach

I had the same problem hereit stucked in login please wait and it shows in access tracker as acceppted but no thing happen.

Hello Victor I added it on the redirection URL in Layer3 in WLAN and in web auth under security in controller and still the same I see in request it Identify the NAS as this

It Shows on clearpass accept request but after post authentication it redirect to this URL:

http://1.1.1.1/login.html?redirect=redirect

Dear Please update me with following :

what is the web login page NAS settings for cisco WLC is it the defaults and should I choose pre-auth RADIUS ? as when I didn't change it WLC did not send any request to Clearpass ?

What is the right Service Template?

Should I choose Vendor in Device Setting to be airspace or Cisco?

what is the right Pre-Auth ACL as I created it to be the same as Amigopod guide?

Did you find on this the solution? I have exactly the same problem.

i have exactly same issue.

please update on how you resolve this issue?

Not sure if its related but the 2504 does not support a redirect to a URL post authentication.