For a guest captive portal, it's irrelevant to which domain ClearPass is joined. For a guest captive portal you would need a publicly trusted Web Server HTTPS certificate on your ClearPass for which you can control the DNS and point its FQDN to the ClearPass IP, such that if a guest enters https://guest.x-group.domain.com/ (the name guest is arbitrary), it can connect to ClearPass on HTTPS and receive a trusted server certificate. Then on the AP or controller you would need another trusted HTTPS certificate.
ClearPass does not need to be joined to any domain. Domain joining is only needed to support MSCHAPv2 (PEAP), the use of which is strongly deprecated, but that is unrelated to guest.
Selecting the right certificates may be confusing if you are unfamiliar with those. Your Aruba partner should be able to advise in more detail.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
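The requirement described in the post above (a guest FQDN that resolves to the ClearPass IP and a server certificate that guest devices trust) can be checked before go-live with a short script. This is an added example, not part of the original post and not HPE Aruba code; the function names, the sample certificate and the address `192.0.2.10` are assumptions made up for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "guest.x-group.domain.com"),),
    "notAfter": "Jan 15 00:00:00 2030 GMT",
}

def san_matches(cert: dict, fqdn: str) -> bool:
    """Name rule a guest browser applies: exact DNS SAN or one-label wildcard."""
    host = fqdn.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = value.lower()
        if pattern == host:
            return True
        # "*.example.com" covers "guest.example.com" but not "a.b.example.com".
        if pattern.startswith("*.") and "." in host:
            if host.split(".", 1)[1] == pattern[2:]:
                return True
    return False

def days_left(cert: dict, now: datetime) -> int:
    """Whole days until the certificate's notAfter date."""
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    return (expires - now).days

def check_portal(fqdn: str, clearpass_ip: str, port: int = 443) -> dict:
    """Live check: DNS points at ClearPass and the certificate is trusted."""
    resolved = {ai[4][0] for ai in
                socket.getaddrinfo(fqdn, port, proto=socket.IPPROTO_TCP)}
    # The default context validates the chain against the system trust store
    # and the hostname; an untrusted or mismatched certificate raises
    # ssl.SSLCertVerificationError here.
    ctx = ssl.create_default_context()
    with socket.create_connection((clearpass_ip, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=fqdn) as tls:
            cert = tls.getpeercert()
    return {
        "dns_ok": clearpass_ip in resolved,
        "san_ok": san_matches(cert, fqdn),
        "days_left": days_left(cert, datetime.now(timezone.utc)),
    }

if __name__ == "__main__":
    # 192.0.2.10 is a documentation placeholder for the ClearPass address.
    print(check_portal("guest.x-group.domain.com", "192.0.2.10"))
```

The live check connects to the ClearPass address directly while sending the guest FQDN as SNI, so a certificate problem is reported separately from a DNS record that still points elsewhere.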