AAA, NAC, Guest Access & BYOD

Onboard with Guest self registration

Aruba Employee
Requirement:

Setup:

This setup requires two SSID, wherein the first SSID will be an Open or PSK Network and second SSID would be a 802.1x Network.

Step 1:

Guest users will connect to Open SSID and will be placed into captive portal role in the controller. It will redirect them to ClearPass Guest Registration page. 

 

Step 2:

The guest users need to register for an account as shown below. The email address(username) will become the client certificate CN.  After registration, they will be taken to receipt page as shown below:

Guest receipt page:

Step 3: 

When guest users click on login in, they will be taken to the provisioning page. Below is the screenshot of the provisioning page as seen by a Windows client.

For Androids to download quickconnect application, we need to whitelist google play in the captive portal role in the controller/NAS.

Step 4:

Guest user needs to click on 'Start QuickConnect' to download the Quick Connect application that will configure 802.1x profile on the client.

 

Step 5:

After provisioning, the QuickConnect application will bounce the client. The client will then connect to 802.1x network with certificate provisioned to client. Configuration pertaining to other Onboard settings like provisioning settings, network settings and certificate authority remains the same as in anyother Onboard configuration.

The client certificate expiry depends on validity period configured in the certificate authority and does not depend on guest account itself.



Solution:

To allow guest users to Onboard their devices after self registration, we can navigate to Configuration --> Pages --> Guest self registration page --> edit --> NAS vendor settings. Click on the dropdown button for 'Enabled' option and select 'Enable Onboard device enrollment'

With this option, when the guest users click login button in the receipt page, they will be taken directly to the provisioning page. We can also enable sponsorship confirmation after self registration, if required.

There are two ways to enable sponsor confirmation. They are:

1.  Enable sponsorship confirmation in the Guest registration page

2. Using the sponsorship confirmation in the device provisioning settings in the Onboard. 



Configuration:

Navigate to ClearPass Guest --> Configuration --> Pages ---> Guest self registration.

 

Click on Edit and click on NAS Vendor Settings:

 

Select the option Onboard device Enrollment under Login and choose the appropriate provisioning settings.

 

 

 



Verification

Setup:

This setup requires two SSID, wherein the first SSID will be an Open or PSK Network and second SSID would be a 802.1x Network.

Step 1:

Guest users will connect to Open SSID and will be placed into captive portal role in the controller. It will redirect them to ClearPass Guest Registration page. 

 

Step 2:

The guest users need to register for an account as shown below. The email address(username) will become the client certificate CN.  After registration, they will be taken to receipt page as shown below:

Guest receipt page:

Step 3: 

When guest users click on login in, they will be taken to the provisioning page. Below is the screenshot of the provisioning page as seen by a Windows client.

For Androids to download quickconnect application, we need to whitelist google play in the captive portal role in the controller/NAS.

Step 4:

Guest user needs to click on 'Start QuickConnect' to download the Quick Connect application that will configure 802.1x profile on the client.

 

Step 5:

After provisioning, the QuickConnect application will bounce the client. The client will then connect to 802.1x network with certificate provisioned to client. Configuration pertaining to other Onboard settings like provisioning settings, network settings and certificate authority remains the same as in anyother Onboard configuration.

The client certificate expiry depends on validity period configured in the certificate authority and does not depend on guest account itself.

 

Version history
Revision #:
2 of 2
Last update:
‎08-31-2015 02:26 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.