Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Can ClearPass support virtual hosts?

  • 1.  Can ClearPass support virtual hosts?

    Posted Sep 01, 2016 06:29 PM

    We've put together a MAC Registration page using ClearPass Guest & the question came up if we can advertise different hostnames for other clients.  

     

    I'm aware that the guest login page is rather static.  

     

    https://<CPPM>/guest/auth_login.php

     

    Given that we'd have to make the login page rather generic.  Is it possible to create different virtual hosts so that different URLs would result in the same page?

     

    https://<CPPM SITE1>/guest/auth_login.php

    https://<CPPM SITE2>/guest/auth_login.php

     

    We should be able to account for different domain logins w/ a crafty Operator Logins, Application Enforcement Profiles, & Operator Translation Rules.

     

    I'll need to take a look at the CPPM Certificates TechNote to see how, if at all feasible, this can be secured.  I'm not sure if an SSL Cert w/ the various Subject Alternate Names would work.  

     

    Thanks, 

     

     



  • 2.  RE: Can ClearPass support virtual hosts?
    Best Answer

    EMPLOYEE
    Posted Sep 01, 2016 06:33 PM
    Just do a certificate with SANs with different DNS records at each site. Should work fine for a basic guest setup. You could even just use a wildcard cert for the HTTPS side if the domain is staying the same (don't use a wildcard for RADIUS though).


  • 3.  RE: Can ClearPass support virtual hosts?

    Posted Sep 01, 2016 06:37 PM

    Thanks for your quick response Tim.  

     

    I'll give it a shot once the back-to-school rush finishes & I have time to fool around w/ my dev server.  

     

    Thanks, 



  • 4.  RE: Can ClearPass support virtual hosts?

    EMPLOYEE
    Posted Sep 01, 2016 06:39 PM
    Just curious, why aren't you using the same hostname for each site if everything on the back end is the same?


  • 5.  RE: Can ClearPass support virtual hosts?

    Posted Sep 01, 2016 07:35 PM

    Cuz, the possibility exists for us to enable MAC Reg for 2 distinct domains. 

     

    http://wifimacreg.domainA.edu

    http://wifimacreg.domainB.edu

     

    And eventually, if I can wrap my head around our complex switching configs ...

     

    http://netreg.domainA.edu

    http://netreg.domainB.edu

     

    We’re already using a cluster of 3 CPPM (no vip) for production 802.1x auth against 2 different AD.  The RADIUS host is pretty well hidden from most users’ configuration (we use XpressConnect); however, the host of the login page will be more visible to users. 

     

    Thanks again,
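
Added example, not part of the original thread: a check of which portal hostnames a certificate's DNS SAN entries actually cover, showing why a single wildcard works only while the domain stays the same and why the two-domain case from post 5 needs explicit SANs. The hostnames are the ones from post 5; the SAN lists are constructed, and the two-labels-to-the-right wildcard rule is a conservative assumption of this example.

```python
# Added example: the SAN lists below are constructed, not read from a real certificate.

def san_matches(hostname: str, san: str) -> bool:
    """Match one hostname against one dNSName SAN entry (RFC 6125 style)."""
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        return False  # a wildcard stands for exactly one label, never several
    if pattern[0] == "*":
        # Only the whole left-most label may be a wildcard. This example also
        # requires two labels to its right, so "*.edu" is refused (assumption).
        return len(pattern) >= 3 and host[1:] == pattern[1:]
    return host == pattern

def uncovered(hostnames, sans):
    """Return the hostnames that no SAN entry covers, in input order."""
    return [h for h in hostnames if not any(san_matches(h, s) for s in sans)]

# Hostnames the users would see (from post 5).
PORTAL_HOSTS = [
    "wifimacreg.domainA.edu",
    "wifimacreg.domainB.edu",
    "netreg.domainA.edu",
    "netreg.domainB.edu",
]

# Constructed SAN lists: one wildcard for a single domain vs. explicit SANs.
WILDCARD_ONE_DOMAIN = ["*.domainA.edu"]
MULTI_SAN = [
    "wifimacreg.domainA.edu",
    "wifimacreg.domainB.edu",
    "netreg.domainA.edu",
    "netreg.domainB.edu",
]

if __name__ == "__main__":
    for label, sans in (("wildcard", WILDCARD_ONE_DOMAIN), ("multi-SAN", MULTI_SAN)):
        missing = uncovered(PORTAL_HOSTS, sans)
        print(f"{label}: {'all hostnames covered' if not missing else 'NOT covered: ' + ', '.join(missing)}")
```

Any hostname reported as not covered would produce a browser certificate warning on the login page, so run the check against the SAN list of the certificate request before it is submitted for signing.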