Security

Reply
Occasional Contributor I
Posts: 5
Registered: ‎07-01-2016

CPPM - Prevent Guest users from logging on to certain captive portal

Hi Airheads!

 

We have a CPPM implementation with a Clearpass cluster in a central location with multiple branch offices with local Aruba wireless controllers. We have different captive portals (14 in total) implemented, 2 per remote site (one for visitors, one for patients). There are also 2 SSID's per remote site.

Each portal has its own GuestUser Role ID assigned so that we can make a difference between the different guest users and thus assign the appropriate Aruba user role back to the controllers.

 

There is however one problem: guest users are able to login to both the portal for visitors and to the portal for patients. And that is not the purpose...

 

The question is: how can we prevent guest users intended for e.g. the visitor portal to log on to the patients portal?

 

Thanks in advance!

 

Best regards

Tim

Guru Elite
Posts: 21,525
Registered: ‎03-29-2007

Re: CPPM - Prevent Guest users from logging on to certain captive portal

What is the access difference between patients and guests?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 5
Registered: ‎07-01-2016

Re: CPPM - Prevent Guest users from logging on to certain captive portal

Guests are allowed restricted internet-only access, patients can additionally browse to some internal resources. These access restrictions are configured on the wifi controllers
MVP
Posts: 4,307
Registered: ‎07-20-2011

Re: CPPM - Prevent Guest users from logging on to certain captive portal

how are you making the distinction between  the two type of users?

 

 

 

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Guru Elite
Posts: 8,765
Registered: ‎09-08-2010

Re: CPPM - Prevent Guest users from logging on to certain captive portal

Why not use the same SSID and use role based access?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I
Posts: 5
Registered: ‎07-01-2016

Re: CPPM - Prevent Guest users from logging on to certain captive portal

We've made different guest user role ID's per type of user, 14 in total. This way we do the role mapping to differentiate the type of users.
Occasional Contributor I
Posts: 5
Registered: ‎07-01-2016

Re: CPPM - Prevent Guest users from logging on to certain captive portal

The customer insisted on different SSID's instead of one.
Occasional Contributor I
Posts: 5
Registered: ‎07-01-2016

Re: CPPM - Prevent Guest users from logging on to certain captive portal

Solved by checking for the according SSID in combination with the assigned Role ID to the Guest account.

Search Airheads
Showing results for 
Search instead for 
Did you mean: