Security

Reply
Frequent Contributor II
Posts: 135
Registered: ‎07-06-2012

ClearPass Guest

[ Edited ]

Hi Guys,

 

Let me get to the point directly:

 

The customer wants the following:

 

 

1-      Guest user access the guest SSID which does not require Layer 2 authentication but require Layer 3 authentication.

2-      Guest user does not have credientials so it fill a web form including the following (e.g):

a-       name

b-      Personal email address

c-      Cell phone number

d-       Sponsor email address

3-      Then an email will be sent to the sponsor showing the customer requiest for wireless access.

4-      The sponser will accept the user request and generate (or it can be autometacally generated) username/password with default time access period to be assign to this user and his credential shall be stored in the Active Directory for authentication.

5-      The server through sms-gateway will send the crediential to the user mobile number which was entered in the web form.

 

My questions:

 

Q1: Do I need ClearPass Policy Manager ? or ClearPass Guest can work alone and do the function without ClearPass Policy Manager ?

 

Q2: I noticed from the video Aruba provide that the user enters the name of sponser can I change it to the name of the sponser and so the access request will be sent to that email directly ? (email should be sent to IT personel, it will be sent to the sponser regardless what is his position).

 

Q3: can the automatically created username/password be sotred in AD Radius Server instead of controller/ClearPass server and how to do it ?

 

Q4: login credientials should not appear directly after registration, however, user should receive them by sms aftersponsor acceptance ?

 

Q5: how to integrate SMTP server with the sponsor email/name in self registration portal ?

 

I might need more information later, thanks.

Guru Elite
Posts: 20,807
Registered: ‎03-29-2007

Re: ClearPass Guest


Abi wrote:

Hi Guys,

 

Let me get to the point directly:

 

The customer wants the following:

 

 

1-      Guest user access the guest SSID which does not require Layer 2 authentication but require Layer 3 authentication. <ok>

2-      Guest user does not have credientials so it fill a web form including the following (e.g): <ok>

a-       name

b-      Personal email address

c-      Cell phone number

d-       Sponsor email address

3-      Then an email will be sent to the sponsor showing the customer requiest for wireless access. <ok>

4-      The sponser will accept the user request and generate (or it can be autometacally generated) username/password with default time access period to be assign to this user and his credential shall be stored in the Active Directory for authentication. <We cannot create credentials in Active Directory, but they will be stored in a database>

5-      The server through sms-gateway will send the crediential to the user mobile number which was entered in the web form. <ok>

 

My questions:

 

Q1: Do I need ClearPass Policy Manager ? or ClearPass Guest can work alone and do the function without ClearPass Policy Manager ? <You can still purchase ClearPass Guest Separately to do all of these functions.>

 

Q2: I noticed from the video Aruba provide that the user enters the name of sponser can I change it to the name of the sponser and so the access request will be sent to that email directly ? (email should be sent to IT personel, it will be sent to the sponser regardless what is his position).  <The guest only inputs the email address of the sponsor, NOT the name of the sponsor.  IT Personnel can be copied on the request.>

 

Q3: can the automatically created username/password be sotred in AD Radius Server instead of controller/ClearPass server and how to do it ? <No>

 

Q4: login credientials should not appear directly after registration, however, user should receive them by sms aftersponsor acceptance ? <This can be done, so the credentials are hidden until the user gets the SMS, or they can be displayed and disabled until the sponsor approves them.>

 

Q5: how to integrate SMTP server with the sponsor email/name in self registration portal ?  <The SMTP server configuration is a standard part of the setup>.

 

I might need more information later, thanks.


 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 135
Registered: ‎07-06-2012

Thanks Colin   So the username/password will be created a...

Thanks Colin

 

So the username/password will be created automatically and stored in the ClearPass DB, correct ?

 

one more thing can the sponsor specify the time allowed for this guest to be active or it has to be defined for all guest in clearpass by defualt ? if not can I rely on Cisco Controller to do the timing and just use ClearPass Guest for Guest self registration, email to spnsor and sms back to guest and fianlly authentication ?

 

Guru Elite
Posts: 20,807
Registered: ‎03-29-2007

Re: Thanks Colin So the username/password will be created a...


Abi wrote:

Thanks Colin

 

So the username/password will be created automatically and stored in the ClearPass DB, correct ?

 

one more thing can the sponsor specify the time allowed for this guest to be active or it has to be defined for all guest in clearpass by defualt ? if not can I rely on Cisco Controller to do the timing and just use ClearPass Guest for Guest self registration, email to spnsor and sms back to guest and fianlly authentication ?

 


The guest can be assigned a default time, like 1 day for example, and the sponsor can extend that, if they would like, independent of the Cisco controller.  The Cisco controller would only be the enforcer for the time already set by the Sponsor in ClearPass Guest.  You cannot set the time in the Cisco controller.  ClearPass Guest controls setting the time, and manipulating it....



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: