Contributor II

guest cisco wired with mac caching


May be you can help me.

I have follow a step by step from this link " " for make a cisco wired captive portal, the redirect url work fine, i can open the captive portal, but when i put the credential (user/pass), clearpass puts me back to captive portal role again


I have configured two service a web auth and a raidus mac auth,

here are the services, policy and profiles 

web auth service and profiles

web service.JPGimage.png



mac auth services and profiles





access tracker log, 

first mac auth
image.pngweb auth user pass acepted

image.pngCaptive portal enforcement again

image.pngswitch config

aaa new-model
aaa authentication dot1x default group radius
aaa authorization exec default local group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
aaa server radius dynamic-author
client server-key xxxxxxxx
port 3799
auth-type all


ip dhcp snooping
ip device tracking


dot1x system-auth-control


interface FastEthernet0/1
switchport access vlan 102
switchport mode access
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication violation protect
dot1x pae authenticator
dot1x timeout server-timeout 30
dot1x timeout tx-period 10
dot1x max-req 3
dot1x max-reauth-req 3
spanning-tree portfast


ip http server
ip http secure-server



ip access-list extended ACL-guest
permit udp any any eq domain
deny ip any
deny ip any host
permit ip any any

ip access-list extended cisco-wired-guest-acl
deny tcp any host
permit tcp any any


radius-server attribute 11 default direction in
radius-server vsa send authentication


radius server clearpass
address ipv4 auth-port 1645 acct-port 1646
key xxxxxxx

Guru Elite

Re: guest cisco wired with mac caching

Did you follow the ClearPass Solution Guide for Wired Policy Enforcement?

Tim Cappalli | Aruba Security
@timcappalli | | ACMX #367 / ACCX #480
Contributor II

Re: guest cisco wired with mac caching

yes, I followed that document and I do not find what  it is wrong

Guru Elite

Re: guest cisco wired with mac caching

Are you sure you followed the correct doc? The link you posted is not the correct doc.

Tim Cappalli | Aruba Security
@timcappalli | | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: