AOS-Switches authenticate guests to ClearPass with captive portal. An administrator notices that some guests are unable to reach the captive portal page. What will resolve this issue?
AOS-Switches authenticate guests to ClearPass with captive portal. An administrator notices that some guests are unable to reach the captive portal page. What will resolve this issue?
Guests unable to reach the captive portal page usually means there is an issue with DNS resolution, which is necessary for them to be directed to the correct URL. Permitting DNS on the ClearPass Portal ensures that guests can resolve the appropriate domain names, thereby accessing the captive portal page successfully. Without DNS resolution, their browsers won't be able to find the portal, even if other settings are correct.
I think the correct is "D". ClearPass Policy Manager does not know the guest device MAC address. Typically, when a device cannot authenticate, the RADIUS server sends a RADIUS Reject message, and the switch port denies access. However, for a captive portal solution, ClearPass, as the RADIUS server, behaves differently. It uses a service with a special type of MAC-Auth (called Allow All MAC-Auth). When a device fails authentication, this service matches the device to a “deny any” profile rather than simply rejects the access. The profile defines various RADIUS attributes and VSAs to apply to the device’s session.
HTTP needs DNS to resolve address before to reach destination.
Shouldn't the answer be D ?
For me is the !D!
Answer should be C. Some clients may not be able to use HTTP or HTTPS.
I think also it's D because the question states "some guests".