Aruba ClearPass Workshop (2021) - Guest Access #3 - Wireless Guest (finishing up)

Science and Technology

This video shows the remaining steps to get Wireless Guest based on Aruba Instant and ClearPass Guest Self-registration working. The public certificate on the Instant AP is installed, roles are created and the workflow including MAC Caching is demonstrated and explained.
Workshop video overview, schedule, and discussion can be found on the Airheads Community: community.arubanetworks.com/c...
⏰Timestamps:
00:00 Intro
01:45 Install captive-portal certificate on Instant AP
03:50 Captive portal login
05:33 Create Instant roles (guest, guest-cp)
07:46 Complete Captive portal workflow
08:36 Check Expired MAC Cache

Comments: 16

  • @netlinkISP
    @netlinkISP 1 year ago

    The video is the best explication for guest in ccpm.

  • @leonpires4828
    @leonpires4828 1 month ago

    When I disconnect from the guest Wi-Fi network and reconnect, I get the authentication portal screen. However, while the device is still valid in the MAC authentication, is there a way to prevent this portal from appearing for connection until the MAC authentication has expired?

  • @zulsyam1568
    @zulsyam1568 7 months ago

    Thank you for this step. Does anyone know how to do the same step at 4:39 for Cisco? My other WiFi comes from a Cisco WLC.

  • @ulisescazaresquintero1566
    @ulisescazaresquintero1566 2 years ago

    Great video. Regarding the certificate, it's not clear to everyone what the PEM should look like inside. It should be like this:
    - Certificate for AP or MC
    - Private Key of the AP or MC cert
    - Certificate of the intermediate CA (if exists)
    - Certificate of the root CA
    Correct?

  • @hermanrobers

    @hermanrobers

    2 years ago

    Good question, though I didn't want to make a PEM video ;) The root CA should NOT be part of the chained PEM file. It doesn't hurt, but is not needed as the root is already in your browser or device, and if it isn't the certificate is not trusted anyway, but if you add it, it will be sent with each SSL negotiation, which is needless traffic. For that reason: leave the root CA out of your chained certificate.

    Then for the order, I see the private key mostly either first or last in the PEM file, not between the certificate itself and the intermediates... and then the order of the certificates is: server cert itself, intermediate that issued the server cert (first towards the root), then if there are other intermediates in the similar order (from closest to the server cert, to closest to the root) and the root itself is excluded/left out.

    Here is a nice blog entry that shows it graphically and includes the openssl commands needed: community.arubanetworks.com/browse/articles/blogviewer?blogkey=719538b4-7db9-402f-a998-d80c91cf0cc9 Hope this helps?

  • @ulisescazaresquintero1566

    @ulisescazaresquintero1566

    2 years ago

    @hermanrobers Thanks. And just to give another option, the private key can go after the server cert. I've always uploaded it like that with no problem:
    - Server Cert
    - PrivateKey
    - CA bundle

  • @GianlucaCasella
    @GianlucaCasella 3 months ago

    Hello @hermanrobers, I have a question. How can I upload the certificate and configure its usage if I use Aruba Airwave? Is there a way to push the wlan cert-assignment-profile configuration? Thanks

  • @hermanrobers

    @hermanrobers

    3 months ago

    That is more an Airheads question. I don't have one to check it, but you would need to upload the certificate to Airwave first (System - Certificates) and then should be able to assign it in your controller or Instant. If you can't find it, please ask support or on community.arubanetworks.com in the Network Management forum.

  • @user-qq2fs6hc9x
    @user-qq2fs6hc9x 9 months ago

    Hi Herman, I've followed the guide and did all the configuration, but now I have a problem with mobile phones. 24h after the first authentication on CP (the lifetime set for the guest account), they cannot authenticate again and the redirection to the Self Registration Portal doesn't work. How can I fix it?

  • @hermanrobers

    @hermanrobers

    9 months ago

    There may be an incorrect or invalid role returned in that case, or even a REJECT. I would check the role that is returned (for users that are beyond the mac-caching or guest account lifetime) and verify that the role is configured and includes the redirect.

  • @user-qq2fs6hc9x

    @user-qq2fs6hc9x

    9 months ago

    @hermanrobers Why does this happen only with mobile phones? The CP role is "X"; the default role in role mapping is [Other]. I should replace Other with X. Yes, I have a reject log.

  • @hermanrobers

    @hermanrobers

    9 months ago

    @user-qq2fs6hc9x If it happens on mobile phones only, there is a chance that the certificates used are not fully correct. Best to investigate further with your Aruba partner or Aruba SE, as based on this limited information it's hard to address the exact issue.

  • @user-qq2fs6hc9x
    @user-qq2fs6hc9x 1 year ago

    Hi Herman, I installed the certificate on my Airwave and the external domain is correct, but I'm still looping on the login page. And if I try to browse to something, I get an HSTS warning. How can I fix this?

  • @hermanrobers

    @hermanrobers

    1 year ago

    HSTS is due to something redirecting HTTPS traffic (port 443). Looping back to the login page probably has to do with the login not happening properly: it can be that the login is not sent, it does not arrive on ClearPass, ClearPass doesn't process it correctly, or the AP/Switch/Controller doesn't handle the login/role switch correctly. The next video in the playlist (kzread.info/dash/bejne/qox7pauhqrCreag.html) explains each and every step in the guest login process. Following that chart and finding out up to where it works in your deployment and where it starts to fail will probably bring you to the error in your configuration so you can fix it. The exact workflow differs a bit between Instant AP, Aruba controllers, switches, and 3rd party equipment.

  • @user-qq2fs6hc9x

    @user-qq2fs6hc9x

    1 year ago

    @hermanrobers Thank you very much for the answer.

  • @user-qq2fs6hc9x

    @user-qq2fs6hc9x

    1 year ago

    @hermanrobers One question: as the captive portal certificate I have a wildcard. Should I modify the CN to my CP domain? (captiveportal-login.....)
