Aruba Instant & Cloud Wi-Fi

Reply
Contributor I
Posts: 29
Registered: ‎07-17-2016

Radius with or without clearpass - Instant possibilities

Hello, 

We are testing a desing created for distributed venues with Instant cluesters connected through VPN to a centralized authentication site for EAP auth and an Airwave. Apart from the authentication each site will have its own captive portal for guest wifi and also client wifi. 

 

The client is requesting to test different types of profiling with the instant clusters and we are testing them with a FreeRadius. We might be able to offer a ClearPass or a controller based remote sites solution but for pricing purposes we would try to get as much as possible without them. 

 

Could anyone please confirm if we can do any of these with freeradius and instant, or if not if we should add a controller and/or a ClearPass:

- Configure a time limit interval for guests for each day

- Configure a maximum of simultaneous logins with the same user / pass

- Cache the MAC of an authenticated user so it doesnt have to login again. Please explain if its possible to set this cache time (i.e 1 day, 1 week, etc)

- Assign dynamic bandwidth to an SSID or a user. If the other is free take all the BW, if not stick to the max BW. 

- Assign dynamic bandwidth to an application. Same as before but for example specify a maximum of 1mb per user for Facebook, but if the system is free of traffic assign all the 10mbps as EIR. 

 

Thanks in advance!

 

 

Guru Elite
Posts: 8,027
Registered: ‎09-08-2010

Re: Radius with or without clearpass - Instant possibilities

All of those are possible with FR but they are not native and would require extensive customization, coding and other external components like SQL servers.

ClearPass can do all of this out of the box.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor I
Posts: 29
Registered: ‎07-17-2016

Re: Radius with or without clearpass - Instant possibilities

Thanks Capalli, 

 

All of those can also be performed only with an instant cluster or any of them would requiere a controller?

 

 

Guru Elite
Posts: 8,027
Registered: ‎09-08-2010

Re: Radius with or without clearpass - Instant possibilities

Dynamic application bandwidth policy enforcement is not a function of a AAA server.

I don't believe either controller or Instant can do this but I'll let someone else confirm or deny that. All others should be possible in both architectures.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: Radius with or without clearpass - Instant possibilities

I don't believe that you can support dynamic bandwidth allocation with the IAPs nor controllers. Might be supported in something like a Palo Alto firewall. 

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Contributor I
Posts: 29
Registered: ‎07-17-2016

Re: Radius with or without clearpass - Instant possibilities

Ok Thanks!!

 

Regarding the FR config is there any document of how to configure it that you may know in order to work with it?

 

Guru Elite
Posts: 8,027
Registered: ‎09-08-2010

Re: Radius with or without clearpass - Instant possibilities

No, like I mentioned, it requires complete custom development to add features like you described. FR by itself is a basic RADIUS server.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Search Airheads
Showing results for 
Search instead for 
Did you mean: