Appendix A: Visitor WLAN ClearPass Details
This section outlines the procedure to collect captive portal information and VRRP VIP information from ClearPass Policy Manager that is needed to configure Visitor WLAN.
Table of contents
Find the Captive Portal Information
Step 1 Open a new browser tab, connect to one of the ClearPass servers, and login to ClearPass Guest with administrator credentials.
Step 2 On the left navigation menu, select Configuration, click the + (plus sign) to expand Pages, then select Web Logins.
Step 3 Select the name of the already configured Web Login, then click Edit.
Step 4 Copy the values found in Page Name and Address and store them for later use.
Step 5 In the top menu, select Logout.
Caution: Some legacy versions of AOS8 use a certificate with the name of securelogin.arubanetworks.com. All versions of AOS released since 2020 now use a certificate with the name securelogin.hpe.com. If this is a mixed environment where the legacy certificate is still in use, you may need to clone/duplicate the page to use another certificate. It is best practice to replace the certificate with a publicly signed one. If the certificate is replaced, this issue is avoided, but the Address in the web login must reflect the Common Name (CN) assigned to the certificate when it was issued.
Note: This procedure uses the default certificate. It is best practice to replace the certificate with a publicly signed one. See the caution section above.
Find the ClearPass VRRP VIP
When following best practice and using more than one ClearPass Server for network authentication, the captive portal address or hostname in the WLAN Access Policy must be the VRRP address of the ClearPass servers. The following procedure shows how to find the VRRP address in ClearPass Policy Manager.
Step 1 Open a new browser tab, connect to one of the ClearPass servers, and login to ClearPass Policy Manager with administrator credentials.
Step 2 On the left navigation menu, select Administration, click the + (plus sign) to expand Server Manager, then select Server Configuration.
Step 3 On the Server Configuration page in the top right, select Virtual IP Settings.
Step 4 On the Virtual IP Settings page, observe and record the Virtual IP configured for the CPPM cluster.
Step 5 Use nslookup or other operating system specific mechanism to confirm that the Virtual IP address above has a resolvable host name. Use the host name in the Captive Portal Profile: IP or Hostname: field when configuring a WLAN for captive portal authentication.