Security

Reply
Frequent Contributor I
Posts: 83
Registered: ‎06-27-2007

ClearPass Anonymous Captive Portal Licensing

Hi All, 

 

I am working on setting up a captive portal solution using ClearPass to provide a number of services.  Among the things I am trying to accomplish are:

 

1) Allow single click captive portal for basic access

2) Allow captive portal login for users with AD accounts. 

3) Allow special guests the ability to self-register with sponsorship

 

I have all three of these working already, however my concern is about licensing.  The anonymous login option in ClearPass defaults to using a Guest User account.  My understanding of ClearPass licensing is that this consumes a Guest license for each unique MAC address using this login per-day.  We have enough Guest licenses to cover the limited self-registration but not enough to cover a horde of anonymous visitors.  Thus my questions are:

 

1) Will each anonymous visitor indeed consume a guest license? 

2) Is there any way to change the authentication source for this single anonymous account to, say the local user repository, so that it does not consumer Guest licenses?  

 

Thanks! 

Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: ClearPass Anonymous Captive Portal Licensing

In the web login page configuration for anonymous logins, there is only 1 guest license that is consumed as you are prompted to create a local guest user to use for authentication on the T&C page. The amount of MAC addresses per day would have to be sized and matched against an appropriate ClearPass policy manager appliance but you should be able to scale this up without additional guest licenses being consumed.

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Frequent Contributor I
Posts: 83
Registered: ‎06-27-2007

Re: ClearPass Anonymous Captive Portal Licensing

Hmm, ClearPass licensing has always been rather confusing. You seem to be saying that Guest license consumption is based on the Guest user account and NOT on the unique MAC addresses authenticating as a Guest.  That appears to contradict this forum post: 

http://community.arubanetworks.com/t5/Mobility-Hero-Tutorials/ClearPass-Licensing-Explained/ta-p/207739

Which explains Guest licensing thusly:

ClearPass Guest
The licenses count towards authenticated endpoints connected to a Guest user account, not the guest user account itself.
The CPPM tracks the unique MAC addresses registered on a Guest that it sees on a daily basis, but the refresh is weekly.
 
Example:
If you have one appliance and use the starter bundle (25 Enterprise licenses) all for Guest, you can authenticate 25 unique MAC addresses per day connected by Guests.

I would be very happy if you are correct and all 5000+ devices authenticating per day using the Anonymous guest user account will only consume a single Guest license (obviously they would still consume 5000+ Policy Manager licenses).  Can you or someone else at Aruba confirm this?  

 

Thanks! 

 

 

 

MVP
Posts: 1,392
Registered: ‎11-30-2011

Re: ClearPass Anonymous Captive Portal Licensing

if you have a clearpass Aruba SE around i would contact him / her.

Search Airheads
Showing results for 
Search instead for 
Did you mean: