Security

Hello, I have question regarding the Clearpass Captive Portal.

Wifi users at one of our sites aren't connecting to the internet after logging into the Captive Portal, they keep looping back to the Captive Portal page.

If they Click on the SSID a second time however, they do connect to the internet. The same thing happens on both iPhones and Windows laptops (we didn't have any androids to test).

We tried putting the Google.com URL in the default internet page, but it hasn't made any difference. We've checked the Registration page but can't see what might be causing it. 

Has anyone seen this before?

Many thanks

PB

What type of APs are used? In most cases the post to the AP/controller portal is not successful. Is the right address configured in the ClearPass guest page?

Do you see any errors in the access tracker for the device/user?

Hello, I have question regarding the Clearpass Captive Portal.

Wifi users at one of our sites aren't connecting to the internet after logging into the Captive Portal, they keep looping back to the Captive Portal page.

If they Click on the SSID a second time however, they do connect to the internet. The same thing happens on both iPhones and Windows laptops (we didn't have any androids to test).

We tried putting the Google.com URL in the default internet page, but it hasn't made any difference. We've checked the Registration page but can't see what might be causing it. 

Has anyone seen this before?

Many thanks

PB

Hi Willem,

we're using AP505s. It's a new SSID but most of the configs were copied from one at another site, which is working fine. At first, users weren't even being re-directed to the Captive Portal so we checked the  Clearpass and Central and fixed that. The correct addresses are on the CP registration page.

We disabled the 'Enhanced Open' function on Central and added the https to the SSID's  Pre-authentication role. The Access Tracker shows the users being re-directed to the Captive Portal and it looks ok but they keep looping back to it. We checked the 'Delay Login' timer and it's set to '0' so we're not sure why it's happening.

What type of APs are used? In most cases the post to the AP/controller portal is not successful. Is the right address configured in the ClearPass guest page?

Do you see any errors in the access tracker for the device/user?

Hello, I have question regarding the Clearpass Captive Portal.

Wifi users at one of our sites aren't connecting to the internet after logging into the Captive Portal, they keep looping back to the Captive Portal page.

If they Click on the SSID a second time however, they do connect to the internet. The same thing happens on both iPhones and Windows laptops (we didn't have any androids to test).

We tried putting the Google.com URL in the default internet page, but it hasn't made any difference. We've checked the Registration page but can't see what might be causing it. 

Has anyone seen this before?

Many thanks

PB

Is this an InstantAP or AOS10 setup? Are the RADIUS servers configured in the AP configuration and are the AP IP addresses added to ClearPass? Please also check for any error in the ClearPass Event Viewer.

Hi Willem,

we're using AP505s. It's a new SSID but most of the configs were copied from one at another site, which is working fine. At first, users weren't even being re-directed to the Captive Portal so we checked the  Clearpass and Central and fixed that. The correct addresses are on the CP registration page.

We disabled the 'Enhanced Open' function on Central and added the https to the SSID's  Pre-authentication role. The Access Tracker shows the users being re-directed to the Captive Portal and it looks ok but they keep looping back to it. We checked the 'Delay Login' timer and it's set to '0' so we're not sure why it's happening.

What type of APs are used? In most cases the post to the AP/controller portal is not successful. Is the right address configured in the ClearPass guest page?

Do you see any errors in the access tracker for the device/user?

Hello, I have question regarding the Clearpass Captive Portal.

Wifi users at one of our sites aren't connecting to the internet after logging into the Captive Portal, they keep looping back to the Captive Portal page.

If they Click on the SSID a second time however, they do connect to the internet. The same thing happens on both iPhones and Windows laptops (we didn't have any androids to test).

We tried putting the Google.com URL in the default internet page, but it hasn't made any difference. We've checked the Registration page but can't see what might be causing it. 

Has anyone seen this before?

Many thanks

PB

Hello, I have question regarding the Clearpass Captive Portal.

Wifi users at one of our sites aren't connecting to the internet after logging into the Captive Portal, they keep looping back to the Captive Portal page.

If they Click on the SSID a second time however, they do connect to the internet. The same thing happens on both iPhones and Windows laptops (we didn't have any androids to test).

We tried putting the Google.com URL in the default internet page, but it hasn't made any difference. We've checked the Registration page but can't see what might be causing it. 

Has anyone seen this before?

Many thanks

PB

Hi @Burnside

Check the certificates for affected side. You can also look into Clearpass logs under Guest / Administration / Support / Application Log for clues.

 Best, Gorazd

Hello, I have question regarding the Clearpass Captive Portal.

Wifi users at one of our sites aren't connecting to the internet after logging into the Captive Portal, they keep looping back to the Captive Portal page.

If they Click on the SSID a second time however, they do connect to the internet. The same thing happens on both iPhones and Windows laptops (we didn't have any androids to test).

We tried putting the Google.com URL in the default internet page, but it hasn't made any difference. We've checked the Registration page but can't see what might be causing it. 

Has anyone seen this before?

Many thanks

PB

Thanks Gorzard,

getting the logs is one I haven't done yet. I'm also going to check everything on the Clearpass again, including the certificates and addresses because I might have missed something.

I'll keep you updated.

Many thanks

Paul

Hi @Burnside

Check the certificates for affected side. You can also look into Clearpass logs under Guest / Administration / Support / Application Log for clues.

 Best, Gorazd

Hello, I have question regarding the Clearpass Captive Portal.

Wifi users at one of our sites aren't connecting to the internet after logging into the Captive Portal, they keep looping back to the Captive Portal page.

If they Click on the SSID a second time however, they do connect to the internet. The same thing happens on both iPhones and Windows laptops (we didn't have any androids to test).

We tried putting the Google.com URL in the default internet page, but it hasn't made any difference. We've checked the Registration page but can't see what might be causing it. 

Has anyone seen this before?

Many thanks

PB

Hi @Burnside

Please also check certificates on APs. In many cases the problem lies there.

Best, Gorazd

Thanks Gorzard,

getting the logs is one I haven't done yet. I'm also going to check everything on the Clearpass again, including the certificates and addresses because I might have missed something.

I'll keep you updated.

Many thanks

Paul

Hi @Burnside

Check the certificates for affected side. You can also look into Clearpass logs under Guest / Administration / Support / Application Log for clues.

 Best, Gorazd

Hello, I have question regarding the Clearpass Captive Portal.

Wifi users at one of our sites aren't connecting to the internet after logging into the Captive Portal, they keep looping back to the Captive Portal page.

If they Click on the SSID a second time however, they do connect to the internet. The same thing happens on both iPhones and Windows laptops (we didn't have any androids to test).

We tried putting the Google.com URL in the default internet page, but it hasn't made any difference. We've checked the Registration page but can't see what might be causing it. 

Has anyone seen this before?

Many thanks

PB

Hi @Burnside,

did I get it right: on the first connection the users can successfully authenticate in the captive portal, but after logging in they return to the login page. On the second connection, there is no captive portal redirection and the users have immediate access to the Internet?

In this case you need to check the role mapping and enforcement in ClearPass. 

It looks like on the first WLAN connection, ClearPass enables MAC address caching for the endpoint, but sends an Aruba user role to the controller that does not exist there or was misspelled. This is the User Authentication Service. The user remains in the preauthenticated role and returns to the captive portal. For the second WLAN connection, the MAC address authentication service is matched. The client is authenticated by MAC address caching, here ClearPass sends correct postauthenticated role and the user gets Internet access.

Hi @Burnside

Please also check certificates on APs. In many cases the problem lies there.

Best, Gorazd

Thanks Gorzard,

getting the logs is one I haven't done yet. I'm also going to check everything on the Clearpass again, including the certificates and addresses because I might have missed something.

I'll keep you updated.

Many thanks

Paul

Hi @Burnside

Check the certificates for affected side. You can also look into Clearpass logs under Guest / Administration / Support / Application Log for clues.

 Best, Gorazd

Hello, I have question regarding the Clearpass Captive Portal.

Wifi users at one of our sites aren't connecting to the internet after logging into the Captive Portal, they keep looping back to the Captive Portal page.

If they Click on the SSID a second time however, they do connect to the internet. The same thing happens on both iPhones and Windows laptops (we didn't have any androids to test).

We tried putting the Google.com URL in the default internet page, but it hasn't made any difference. We've checked the Registration page but can't see what might be causing it. 

Has anyone seen this before?

Many thanks

PB

Hi @Burnside,

did I get it right: on the first connection the users can successfully authenticate in the captive portal, but after logging in they return to the login page. On the second connection, there is no captive portal redirection and the users have immediate access to the Internet?

In this case you need to check the role mapping and enforcement in ClearPass. 

It looks like on the first WLAN connection, ClearPass enables MAC address caching for the endpoint, but sends an Aruba user role to the controller that does not exist there or was misspelled. This is the User Authentication Service. The user remains in the preauthenticated role and returns to the captive portal. For the second WLAN connection, the MAC address authentication service is matched. The client is authenticated by MAC address caching, here ClearPass sends correct postauthenticated role and the user gets Internet access.

Hi @Burnside

Please also check certificates on APs. In many cases the problem lies there.

Best, Gorazd

Thanks Gorzard,

getting the logs is one I haven't done yet. I'm also going to check everything on the Clearpass again, including the certificates and addresses because I might have missed something.

I'll keep you updated.

Many thanks

Paul

Hi @Burnside

Check the certificates for affected side. You can also look into Clearpass logs under Guest / Administration / Support / Application Log for clues.

 Best, Gorazd

Hello, I have question regarding the Clearpass Captive Portal.

Wifi users at one of our sites aren't connecting to the internet after logging into the Captive Portal, they keep looping back to the Captive Portal page.

If they Click on the SSID a second time however, they do connect to the internet. The same thing happens on both iPhones and Windows laptops (we didn't have any androids to test).

We tried putting the Google.com URL in the default internet page, but it hasn't made any difference. We've checked the Registration page but can't see what might be causing it. 

Has anyone seen this before?

Many thanks

PB

Hi Waldemar,

just a quick update for you. The problem is still ongoing but TAC support have had a look at it. They checked the Clearpass configs, including the Role mapping and the Central VC's configs but couldn't identify the cause. They've taken a packet capture and I'll provide an update once I have something.

Many thanks for your help.

Hi @Burnside,

did I get it right: on the first connection the users can successfully authenticate in the captive portal, but after logging in they return to the login page. On the second connection, there is no captive portal redirection and the users have immediate access to the Internet?

In this case you need to check the role mapping and enforcement in ClearPass. 

It looks like on the first WLAN connection, ClearPass enables MAC address caching for the endpoint, but sends an Aruba user role to the controller that does not exist there or was misspelled. This is the User Authentication Service. The user remains in the preauthenticated role and returns to the captive portal. For the second WLAN connection, the MAC address authentication service is matched. The client is authenticated by MAC address caching, here ClearPass sends correct postauthenticated role and the user gets Internet access.

Hi @Burnside

Please also check certificates on APs. In many cases the problem lies there.

Best, Gorazd

Thanks Gorzard,

getting the logs is one I haven't done yet. I'm also going to check everything on the Clearpass again, including the certificates and addresses because I might have missed something.

I'll keep you updated.

Many thanks

Paul

Hi @Burnside

Check the certificates for affected side. You can also look into Clearpass logs under Guest / Administration / Support / Application Log for clues.

 Best, Gorazd

Hello, I have question regarding the Clearpass Captive Portal.

Wifi users at one of our sites aren't connecting to the internet after logging into the Captive Portal, they keep looping back to the Captive Portal page.

If they Click on the SSID a second time however, they do connect to the internet. The same thing happens on both iPhones and Windows laptops (we didn't have any androids to test).

We tried putting the Google.com URL in the default internet page, but it hasn't made any difference. We've checked the Registration page but can't see what might be causing it. 

Has anyone seen this before?

Many thanks

PB