06-27-2014 08:41 AM
Please don't be too cruel... and "switch to Aruba!" really won't help me :) And there is ZERO interest in social Wi-Fi here.
I run a large Cisco WLAN, and the native guest access functionality has never been suitable for our straightforward needs. So, for years, we've used a Bluesocket gateway on a dedicated guest VLAN/SSID to accomplish the following:
- Anyone with our 802.1x credentials can sponsor a guest using either guest email address or 10-digit mobile phone number
- Any guest can self-sponsor, but only with 10 digit mobile phone number that gets the password texted to them
- We control data rate, session durations, firewall rules etc in the Bluesocket for guests
- When we need a place to stick oddball wireless devices (like Google Glass) that can't do 802.1x we give them a MAC exception in the Bluesocket
This all works great, and is what works for us. I know there are many other options out there for guest access/MAC exceptions (we also use Twilio on Meraki sites for texting/self sponsor) but I'd love to find an exact replacement for Bluesocket that replicates all the same functionality from a single appliance that could drop in instead of Bluesocket. Adtran bought Bluesocket, and I don't care for their response, support, or direction. Amigopod had me intrigued at one point, but not sure how the Aruba integration may have changed it.
So my question is this: is anything in the Aruba line a potential single-box guest access portal appliance for non-Aruba networks, as described above?
06-27-2014 09:02 AM
Take a look at the Clearpass solution, http://www.arubanetworks.com/products/clearpass/
It is very feature rich and will probably meet all of your needs and more. It integrates with Cisco and many other vendors.
ACCP, ACMP, ACMX #294
06-28-2014 12:49 PM
Hi Lee, just a couple of things to add to the discussion. ClearPass can absolutely work in multi-vendor networks and provide the guest registration/sponsoring and authentication services you describe. One difference though with Bluesocket is that ClearPass is not an inline device; it works out of band and uses protocols like RADIUS and HTTP/S to interface with the network infrastructure. So aside from bandwidth quotas, ClearPass itself does not do firewall policies or rate limiting of traffic.
You can however configure specific role-based policies on ClearPass that will trigger enforcement actions on a NAS device such as your Cisco WLC (same is true for Cisco switches). You can send back RADIUS attributes and dACLs to enforce basic firewall and QoS policies. You can also configure ClearPass to send upstream messages to your internet firewall and provide a deeper layer 7 enforcement. Given you are talking mainly about guest access, you can probably just plumb the guest VLAN through a specific firewall zone and policy, although I would need to better understand the types of roles and FW policies currently in use on your Bluesocket boxes.
One other thing to note, ClearPass can also interface with your Bluesocket environment if you want to retain its inline firewalling capabilities. You could centralize all of the actual guest sponsoring, device registration and guest authentication with ClearPass and just use the Bluesocket boxes to enforce firewall and network policies as they are today. This is a known use case that we have working at other locations around the world and may be an interesting option for you.
We can have one of our ClearPass technical specialists reach out to you to discuss further if that's of interest. Also happy to answer any other questions on this forum.
06-30-2014 03:52 PM
I have deployed ClearPass Guest for sponsored guest access on a Cisco WLAN for one of our large university clients.
Works fine with Cisco; you just need to set L3 web authentication on the WLCs, configure the RADIUS servers and ensure that the WebACL permits access to the ClearPass server.
I think there is an old Amigopod Cisco WLC integration guide on the support site which will give some guidance.