Aruba ClearPass Workshop (2021) - Guest Access #4 - Controller vs Server initiated guest workflows
Ғылым және технология
The current Guest workflow on Wireless that we set up uses the Controller Initiated login method. There also is the so-called Server Initiated login, and in the next video on Wired Guest Access, we'll need that. In this video I'll show you how these two methods compare and once more do a detailed walkthrough of the Controller Initiated login flow so you can see and understand what happens 'under the hood'.
Workshop video overview, schedule, and discussion can be found on the Airheads Community: community.arubanetworks.com/c...
⏰Timestamps:
00:00 Intro
01:00 Controller initiated workflow
03:00 Server initiate workflow
08:17 When to use which?
Пікірлер: 8
Excellent Herman, I was looking for this content earlier. You made life easy for many Aruba users . Hats off you..
@hermanrobers
2 жыл бұрын
Thanks... I heard many questions around this topic over the years, and if you are familiar with the topic it's quite clear, but sometimes we forget that not everyone is familiar. Think that accounts for many of the videos in this series. Good to hear this helped you.
Thank you! This really clears things up.
Herman, I’ve been doing server initiated login for wireless on both controller and instant for years. Works like a charm and no cert needed on that wlc. Role is changed using filter-id in coa, delay redirect for 6 sec, and it’s flawless for the user. The port bounce on the other hand often cause the cached role to be sent instead due to some weird lag, delay whatever in Clearpass where the endpoint db isnt updated fast enough or something. Server-initiated is a requirement for several other brand wlc which doesnt support the controller-initiated methods, and this «bug» often cause headaches.
Hi Herman, great content. For "server initiated", is there no need for a public certificate on the NAS? I learn from an Aruba Switch OS course that it is needed because of the first redirection to the captive portal, if not this can cause security error messages on the endpoint.
Hi Sir, thank you for this explanation, and I have a question about the public certificate, it's working when the guest user connects to the SSID or after his login to the page like you mentioned in this tuto ?
@hermanrobers
Жыл бұрын
The public certificate is needed for the captive portal and the login (with controller inititated logins). The (ClearPass) captive portal needs to be secure, and the posting of credentials to the controller/IAP must be secure as well. For Server initiated, you will need the ClearPass to have a public trusted certificate only as there is no interaction from the client with the switch. After the login, there is no communication anymore with the ClearPass or controller/IAP, and traffic will go directly to the internet.
Hi Herman, i've followed the guide and i did all the configuration, but now I've a problem with mobile phone. After 24h the first authentication on CP(Life time of the guest account setted) they cannot authenticate again and the redirection on Self Registration Portal doesn't work. How can i fix it?