Wireless Access

We are configuring in an office with Huawei electronics that the public wifi connects to the captive portal and the Radius of clearpass. In other offices we have the same configuration being all with Aruba electronics and it works perfectly.
So far we have managed to send the captive portal when they connect to the wifi, but when they authenticate they get the page captureportal-login.domain.com and it remains blank (normal behaviour, we have in the captive portal a wildcard certificate) but it stays there and does not give any kind of registration to clearpass.
The captive portal is configured as
Provider configuration: Aruba
Login method: "Controller initiated".
Address: captiveportal-login.domain.com





My question is whether the captive portal needs to be configured differently to work with Huawei (no huawei provider is listed). Or would it work if the portal wilcard certificate is installed on the Huawei APs so that they are able to redirect correctly when it reaches captiveportal-login.domain.com?

I've been struggling with this for days now and I'm starting to get depressed. I would appreciate some light

Thank you very much.
Regards

captiveportal-login only works for Aruba gear, thats why you see the blank screen.
You need to find out what is the recommended external captive portal Huawei configuration.
See if they support wildcard certs and if so what is the exact behaviour. Once we know that then we can match it on clearpass.

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
------------------------------

Original Message:
Sent: Nov 03, 2022 04:58 PM
From: Angel Valcarce
Subject: Huawei wifi electronics configured with external captive portal in clearpass

We are configuring in an office with Huawei electronics that the public wifi connects to the captive portal and the Radius of clearpass. In other offices we have the same configuration being all with Aruba electronics and it works perfectly.
So far we have managed to send the captive portal when they connect to the wifi, but when they authenticate they get the page captureportal-login.domain.com and it remains blank (normal behaviour, we have in the captive portal a wildcard certificate) but it stays there and does not give any kind of registration to clearpass.
The captive portal is configured as
Provider configuration: Aruba
Login method: "Controller initiated".
Address: captiveportal-login.domain.com





My question is whether the captive portal needs to be configured differently to work with Huawei (no huawei provider is listed). Or would it work if the portal wilcard certificate is installed on the Huawei APs so that they are able to redirect correctly when it reaches captiveportal-login.domain.com?

I've been struggling with this for days now and I'm starting to get depressed. I would appreciate some light

Thank you very much.
Regards

Thank you very much, it worked by pointing to the correct port on the Huawei controller and in sending the authentication add the ip of the AP. The new problem we have is a multi-controller scenario, each AP communicates with Clearpass.
With Aruba this is solved with certificates, does anyone know how to do this with Huawei, also with certificates?
If anyone has encountered this scenario I would appreciate your knowledge.

Thanks
Regards
Original Message:
Sent: Nov 03, 2022 06:05 PM
From: Ariya Parsamanesh
Subject: Huawei wifi electronics configured with external captive portal in clearpass

captiveportal-login only works for Aruba gear, thats why you see the blank screen.
You need to find out what is the recommended external captive portal Huawei configuration.
See if they support wildcard certs and if so what is the exact behaviour. Once we know that then we can match it on clearpass.

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.

Original Message:
Sent: Nov 03, 2022 04:58 PM
From: Angel Valcarce
Subject: Huawei wifi electronics configured with external captive portal in clearpass

We are configuring in an office with Huawei electronics that the public wifi connects to the captive portal and the Radius of clearpass. In other offices we have the same configuration being all with Aruba electronics and it works perfectly.
So far we have managed to send the captive portal when they connect to the wifi, but when they authenticate they get the page captureportal-login.domain.com and it remains blank (normal behaviour, we have in the captive portal a wildcard certificate) but it stays there and does not give any kind of registration to clearpass.
The captive portal is configured as
Provider configuration: Aruba
Login method: "Controller initiated".
Address: captiveportal-login.domain.com





My question is whether the captive portal needs to be configured differently to work with Huawei (no huawei provider is listed). Or would it work if the portal wilcard certificate is installed on the Huawei APs so that they are able to redirect correctly when it reaches captiveportal-login.domain.com?

I've been struggling with this for days now and I'm starting to get depressed. I would appreciate some light

Thank you very much.
Regards

From reading this thread, I believe you need wo main things to resolve these issues.

1. You need to know how basic RADIUS is used in enterprise AAA network access. You can learn that through ClearPass training or by other means. many years ago when I needed to learn, I asked an expert friend and he recommended this book.
FreeRADIUS Beginners Guide
Although is it quite old it presents a good hands-on introduction to RADIUS and FreeRADIUS. Since ClearPass is based on FreeRADIUS it applies quite well.

2. You need to work with your Huawei support team to find out how to configure their devices for generic RADIUS authentication.  To their devices, ClearPass is just a generic FreeRADIUS server following the IETF standard.

Sorry I cannot be of more assistance but I am busy troubleshooting & expanding my complex ClearPass environment.

Bruce Osborne ACCP




------------------------------
Bruce Osborne ACCP ACMP
Liberty University

The views expressed here are my personal views and not those of my employer
------------------------------

Original Message:
Sent: Nov 05, 2022 10:24 AM
From: Angel Valcarce
Subject: Huawei wifi electronics configured with external captive portal in clearpass

Thank you very much, it worked by pointing to the correct port on the Huawei controller and in sending the authentication add the ip of the AP. The new problem we have is a multi-controller scenario, each AP communicates with Clearpass.
With Aruba this is solved with certificates, does anyone know how to do this with Huawei, also with certificates?
If anyone has encountered this scenario I would appreciate your knowledge.

Thanks
Regards
Original Message:
Sent: Nov 03, 2022 06:05 PM
From: Ariya Parsamanesh
Subject: Huawei wifi electronics configured with external captive portal in clearpass

captiveportal-login only works for Aruba gear, thats why you see the blank screen.
You need to find out what is the recommended external captive portal Huawei configuration.
See if they support wildcard certs and if so what is the exact behaviour. Once we know that then we can match it on clearpass.

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.

Original Message:
Sent: Nov 03, 2022 04:58 PM
From: Angel Valcarce
Subject: Huawei wifi electronics configured with external captive portal in clearpass

We are configuring in an office with Huawei electronics that the public wifi connects to the captive portal and the Radius of clearpass. In other offices we have the same configuration being all with Aruba electronics and it works perfectly.
So far we have managed to send the captive portal when they connect to the wifi, but when they authenticate they get the page captureportal-login.domain.com and it remains blank (normal behaviour, we have in the captive portal a wildcard certificate) but it stays there and does not give any kind of registration to clearpass.
The captive portal is configured as
Provider configuration: Aruba
Login method: "Controller initiated".
Address: captiveportal-login.domain.com





My question is whether the captive portal needs to be configured differently to work with Huawei (no huawei provider is listed). Or would it work if the portal wilcard certificate is installed on the Huawei APs so that they are able to redirect correctly when it reaches captiveportal-login.domain.com?

I've been struggling with this for days now and I'm starting to get depressed. I would appreciate some light

Thank you very much.
Regards