Security

Reply
Contributor I
Posts: 21
Registered: ‎12-08-2013

ClearPass Guest system self-register authorization problem

I use the service-template to configure the Guest sytem in CPPM (Guest Access);I use all of them are created by default;

When I connect the Guest SSID, authentication when there is no problem,But I don't want visitors to access the company internal network,So I made enforcement polices;When I connect again Guest SSID enforcement polices is of no effect。

 

How do I configure don't allow visitors to access the internal network ??

 

Thanks!

MVP
Posts: 4,175
Registered: ‎07-20-2011

Re: ClearPass Guest system self-register authorization problem

 

You should define that in the Guest-Role in the controller, once the user gets placed on that role you identify what segments you don't want those users to get to

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor I
Posts: 21
Registered: ‎12-08-2013

Re: ClearPass Guest system self-register authorization problem

Wireless Controller is CISCO , After connecting the Guest SSID will be redirected to a page(https://x.x.x.x/guest/guest.php), then self-register account ,then login in ,then authentication is successful; At the moment, can access the Internet and corporate Intranet,I don't want to self - register the account to be able to access the internal network,Enforcement polices on how to do??

Guru Elite
Posts: 8,191
Registered: ‎09-08-2010

Re: ClearPass Guest system self-register authorization problem

You would need to configure ACLs either on the wireless controller or the upstream switch to block access to the corporate network.


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor I
Posts: 21
Registered: ‎12-08-2013

Re: ClearPass Guest system self-register authorization problem

Can't use enforcement police do??

MVP
Posts: 4,175
Registered: ‎07-20-2011

Re: ClearPass Guest system self-register authorization problem

 

 

The enforcement profile determines the ACTION (VLAN,Role ,etc) but that needs to be define on the controller 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Guru Elite
Posts: 8,191
Registered: ‎09-08-2010

Re: ClearPass Guest system self-register authorization problem

[ Edited ]

Enforcement profiles tell the network device what to do. In Aruba land, that means telling the controller or switch to put the device into a certain role which has ACLs attached. Since Cisco does not use the role concept, you need to send back the VLAN and then use ACLs on the controller or upstream switch to block access.


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor I
Posts: 21
Registered: ‎12-08-2013

Re: ClearPass Guest system self-register authorization problem

I do the authorization of the vlan, but I don't take effect;

 

How to do it??

MVP
Posts: 4,175
Registered: ‎07-20-2011

Re: ClearPass Guest system self-register authorization problem

[ Edited ]

Can you please share the enfor profile?

 

Do you have that VLAN define on your controller as well ?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor I
Posts: 21
Registered: ‎12-08-2013

Re: ClearPass Guest system self-register authorization problem

profiles,As shown in figure

Search Airheads
Showing results for 
Search instead for 
Did you mean: