Security

Reply
Occasional Contributor II

Acceptable Use Policy and PEAP

Hi

 

I have a request for users to accept a "Acceptable Use Policy".

 

all userses log in with PEAP, users are students and administrative users on the samme ssid, and is then placed in a vlan pased on role in AD. 

Users log in and sould then be presented wtth the page and if accpted then given full access. The page is only shown 1 time eatch semester.

 

This also gives posibility to give non human devices access with no page,

based on the endpoint database.

 

Is there any way to redirect after sucessfull login with PEAP.

 

Thanks for helping out.

 

Erik Loeth 

Denmark

Guru Elite

Re: Acceptable Use Policy and PEAP

What are you using for a RADIUS server / policy engine?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Acceptable Use Policy and PEAP

Sorry this was missing :-)

 

 

Setup is 

 

Aruba controller - Cleearpass 6.6.7 - AD

 

 

 Thanks 

 

Erik Loeth

 

 

Guru Elite

Re: Acceptable Use Policy and PEAP

Essentially you'll want to write a rule that checks for the prescense of a custom endpoint attribute. You can call it AUP or something. If not present or not equals true, return a captive portal redirect role to the controller.

Anyone who has accepted the AUP will go right by past that rule and hit their rule in your policy.

You'll also need to create a web login in Guest to handle the captive portal piece and a service that will accept the web login and stamp the endpoint with the AUP attribute.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Acceptable Use Policy and PEAP

Somthing like this:

 

IF AUP = false then apply role with vlan set to xx and a redirect role to the controller that point to the page to accept the AUP, thiss updates the endpoint with AUP=true

do a coa.

Now the AUP=true and only vlan xxx part is left, with access to all.

 

Regads

 

Erik Loeth

 

 

Guru Elite

Re: Acceptable Use Policy and PEAP

Correct!


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Acceptable Use Policy and PEAP

I will try this to morrow, and post the result.

 

And again thanks for the help.

 

Erik Loeth.

 

 

Occasional Contributor II

Re: Acceptable Use Policy and PEAP

Thanks for the help worked perfectley, the only thing i used some time on was updating endpoints from guest portal. but figured it out in another way.

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: