Security

Reply
Contributor II
Posts: 50
Registered: ‎04-13-2009

Blacklist database in CPPM

I have a customer that wants to setup a rule for guest users in CPPM that will put them into the blacklist database if they are connected for more than 24 hours in a three day period. THey are trying to prevent employees from using the guest wifi. The Guest SSID is open and just presents a splash page with terms of acceptance.

 

They want the blacklisted users to get redirected to another splash page telling them to call the help desk. Aruba says this is possible. Not sure how to do it though.

 

 

Aruba
Posts: 1,520
Registered: ‎06-12-2012

Re: Blacklist database in CPPM

Yes you can do it but you will need someone to create a custom SQL script to pull the data.

I would work with one of the certified partners that have SQL knowledge.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
MVP
Posts: 360
Registered: ‎01-14-2010

Re: Blacklist database in CPPM

Hi satx71,

 

Here's another option. It sounds like the corporate network might be an 802.1X network. Here's what I helped a customer design, and it's been successful:

 

1. Client connects to an 802.1X network. 

2. They are given an Enforcement profile that sets an attribute for that device

3. This attribute could be defined as, "Secure-Access-Only"

4. The guest network will then have an additional requirement stating that endpoints with "Secure-Access-Only" will not be allowed on

5. A user device will then be sent a RADIUS Deny Access if they try to connect to the Guest network.

 

Tim (cappalli) wrote a great post outlining how he did this at Brandeis University. It showed the flexibility of using the attributes to achieve this functionality.

 

Hope this helps!

 

-Mike

Contributor II
Posts: 50
Registered: ‎04-13-2009

Re: Blacklist database in CPPM

Thanks everyone. That will help get me started. This is a pure guest environment, so I will have to create an attribute based on their session info in the guest world. I will work on creating it for a 802.1x scenario as well. I am quite sure I will encounter that so I need to know how to make that work too.

 

Thanks again.

Contributor II
Posts: 50
Registered: ‎04-13-2009

Re: Blacklist database in CPPM

Got another question. Do you know what the acceptable value ranges are when you are setting up a session-check allowed-duration attribute. Is it in seconds, minutes, days?

MVP
Posts: 360
Registered: ‎01-14-2010

Re: Blacklist database in CPPM

Hi satx71,

 

First, go to 

 

Administration > Server Manager > Server Configuration > "A CPPM Server" > "Enable Insight" is checked on the server. 

 

Next, go to:

 

i. Configuration > Enforcement > Profiles > Click "+Add"

ii. Choose a "RADIUS based enforecement" template

iii. Under the "Attributes" tab, hit the "Click to add" and choose the "Insight Repository"

 

Screen Shot 2014-11-06 at 8.21.41 AM.png

 

Hope this helps!

 

-Mike

Search Airheads
Showing results for 
Search instead for 
Did you mean: