Security

last person joined: 9 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Captive portal that offers the choice to register later?

This thread has been viewed 0 times

  • 1.  Captive portal that offers the choice to register later?

    Posted Sep 05, 2013 11:33 AM

    With an IAP virtual controller and ClearPass Guest, is it possible to do the following?

     

    Set the captive portal splash screen to 'allow internet' with Captive Portal Failure to permit unregistered users to browse the internet.

     

    After 20 minutes of free browsing send them to a registration screen/advertisement page that would pause before proceeding to the original destination.

     

    Perform the redirection to the registration page after a certain number of pages had been loaded or on the next page load after so many minutes.

     

    Thanks

     

    tharg



  • 2.  RE: Captive portal that offers the choice to register later?

    Posted Sep 05, 2013 11:28 PM

    This could be accomplished several different ways, here is one.

     

    On the splash page you could have a link to allow Internet traffic without registration. Imbedded in the HTML you could have a username and password (and a role which allows internet access) the "guest" would not see or know about the hidden account. Set the timeout for this for hidden user for 20 minutes active session then send a COA to disconnect. 

     

    At the end of the 20 minutes they would be redirected to the same captive portal page.  They could register or click the same link giving them 20 more minutes of Internet.



  • 3.  RE: Captive portal that offers the choice to register later?

    Posted Sep 09, 2013 10:37 AM
    Hi ddipert and all,

    Slightly different scenario but same theme.

    I was wondering if this kind of logic could apply to the following situation and if anyone could provide an example?

    Primary captive portal:-
    Provide self-registration and login php pages as usual. Embed a link on both pages to skip registration that points to secondary portal. Accepting terms required for registration and skip.

    Second portal:-
    Transparent portal that uses a random username/password with MAC caching and allows 20 minutes of browsing. After 20 minutes, pass user to third portal. (Does this need to be a portal, or can a role be assigned with a profile on CPPM? If so how?)

    Third portal:-
    Again, allow random username/password with MAC caching to prevent connecting back to second portal. This portal would redirect to the registration.php every x minutes with a timer before the user continues to browse.

    Thanks for looking. Your time and advice is appreciated.

    tharg


  • 4.  RE: Captive portal that offers the choice to register later?

    Posted Sep 17, 2013 10:39 AM

    Does anyone have a working example of a redirection for a session timeout?

     

    I believe Davids suggestion regarding COA has to be the way to go.  Can we set a ChangeToRol() based on time that would take an authenticated anonymous user and change the role to 'unauthorised' that would then direct them back to the portal when they refresh or open a new page?