Aruba Apps

 View Only
last person joined: 7 days ago 

The HPE Aruba Networking Apps board is designed to address questions, comments, and feature requests for all HPE Aruba Networking mobile Apps
Back to discussions
Expand all | Collapse all

Clearpass captive portal ssid issue.

This thread has been viewed 43 times

  • 1.  Clearpass captive portal ssid issue.

    Posted Jan 10, 2023 02:03 AM
    hi team,
    we have two aruba 7200 controllers working as standalone .( controller 1 , controller 2) on 6.5.x.x version
    we have recently upgraded   controller 1 from 6.5.x.x to 8.6.x.x .
    we have created a  guest ssid from controller 2 on newly upgraded controller 1.
    user can connect to this guest ssid and redirect to url but url page is not opening . i guess i am missing some configuration part.
    i am attaching  both the configuration .( running config on controller 2 and guest ssid config on controller 1 ).
    on controller 2 same SSID is working properly .
    it would be really helpful if anyone can tell me  what configuration i am missing or what i am doing wrong .

    thanks ,

    Attachment(s)

    txt
    GUEST SSID on controller 1.txt   2 KB 1 version
    txt
    controller 2 running config.txt   77 KB 1 version


  • 2.  RE: Clearpass captive portal ssid issue.

    EMPLOYEE
    Posted Jan 10, 2023 02:40 AM
    Hi,
    have you seen this viedeo? This helps in the Configuration - https://youtube.com/watch?v=F-4p7cqZzXQ&feature=shares
    Did I get it ight, on Controller 2 it works and on Controller 1 not? It would be good to paste the whole controller 1 config here.

    Why are you using downloadable rules:
    aaa profile "Guest@Bajaj"
   initial-role "Guest@Bajaj"
   download-role
    This is to Enables role download from ClearPass Policy Manager.

    Often made mistakes:
    - did the Controller have an IP Address in the Guest VLAN?
    - Certificate issues, ist there a public trusted certificate on the controller and the Cert Common Name placed in ClearPass Config?

    Original Message


  • 3.  RE: Clearpass captive portal ssid issue.

    Posted Jan 11, 2023 12:55 AM
    Hi cordless,
    I will check this and update you.
    During the upgradation we were facing low space on flash . 
    I have tried everything available online to make some space but failed at last I run the command " wipe out flash" to format the controller.
    Do we need to install the certificates after this command.

    Original Message


  • 4.  RE: Clearpass captive portal ssid issue.

    EMPLOYEE
    Posted Jan 11, 2023 03:33 AM
    Hi,

    see description of the command here:
    https://www.arubanetworks.com/techdocs/CLI-Bank/Content/aos8/wipe.htm

    Yes you have to install Captive Portal Certificate afterwards. But that was a very drastic way.
    You should work with the community or TAC before doing so.
    Original Message


  • 5.  RE: Clearpass captive portal ssid issue.

    Posted Jan 11, 2023 03:41 AM
      |   view attached
    Hi ,
    Actually we do not have the tac support for this .
    After this command i upgraded the firmware. Other psk based  SSIDs are working fine.
    Only having trouble with captive portal SSID.
    I have checked on the other working controller and found no certificates  but SSIDs are working on the controller .PFA .

    Original Message


  • 6.  RE: Clearpass captive portal ssid issue.

    EMPLOYEE
    Posted Jan 11, 2023 03:49 AM
    That is correct.
    If you are doing Captive Portal you will have to have a valid public trusted Certificate on the Controller. See the video linked in this thread.
    Original Message


  • 7.  RE: Clearpass captive portal ssid issue.

    Posted Jan 11, 2023 07:27 AM
    Hi ,
    When user connects to captive portal SSID , they are redirected to securelogin.arubanetworks.com/auth/cp_ disabled.html.
    I am attaching the snapshot.
    I have also captured the user log .
    It's showing authentication server request time-out.
    I am attaching the logs . please check if anyone can see the issue.

    Attachment(s)

    txt
    baja guest user logs.txt   38 KB 1 version
    Original Message


  • 8.  RE: Clearpass captive portal ssid issue.

    EMPLOYEE
    Posted Jan 11, 2023 07:52 AM
    Does your Controller can communicate with the Radius Server?
    I assume the Captive Portal will also be hosted on the ClearPass - if so, what is the Event Viewer and Access Tracker saying?

    show aaa authentication-server radius statistics
    show aaa authentication-server radius CPPM_GROUP
    show aaa authentication captive-portal <Captiveportalprifilename>
    ...gives more insight

    Be sure that the controller has an IP Interface in the Guest Client VLAN.
    Original Message


  • 9.  RE: Clearpass captive portal ssid issue.

    Posted May 25, 2023 09:55 AM

    Hi,
    Based on the given Web Search Results, it seems that you have two standalone Aruba 7200 controllers (Controller 1 and Controller 2) running on version 6.5.x.x [1]. Recently, you have upgraded Controller 1 to version 8.6.x.x and created a guest SSID from Controller 2 on the newly upgraded Controller 1 [1]. However, users are unable to open the URL page after connecting to the guest SSID, indicating a missing configuration. To troubleshoot the issue, you should compare the running configuration on Controller 2 with the guest SSID configuration on Controller 1 to identify any missing or incorrect configurations [1]. Additionally, the Aruba 7200 series Mobility Controllers have a new central processor that can support up to 32,000 mobile devices and perform stateful firewall policy enforcement at 40 Gbps [3]. The controllers can be centrally managed with Aruba AirWave network management, which can help you monitor and troubleshoot any issues with the network [3].


    Original Message