Security

Reply
Contributor I

Clearpass Guest - Internet access allowed before validation

Hello,

 

We have Clearpass Guest 6.1.2.25166, part of  ClearPass Policy Manager 6.1.2.53442 to allow our guest to have internet access. We use aruba 3600 controllers (with the 6.2.1.4 firmware i recently updated).

 

Clearpass Guest is configured with self registration and sms. Our guest suppose to regisger on a webpage, receive a sms and authenticate with username and password, where the username is their e-mail and the password is a password send by sms.

 

This seem to work fine. 

 

The only thin is that employees are reporting that their guests already have access before receiving the sms and entering the information in the logon page.

 

What could be the issue? Could this be an issue between the initial profile and the real guest profile on the aruba controller? Or could this be something else?

 

I'm not sure where to start.

 

Any suggestion?

 

Thank you in advance.

 

Regards,

Roland

Guru Elite

Re: Clearpass Guest - Internet access allowed before validation

I would do a test registration and see if there is a login button on your summary/receipt page. All they have to do is click that and the system will do a background login (CoA to the controller).

 

guest-reg-login.png


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I

Re: Clearpass Guest - Internet access allowed before validation

Yes, this was the problem.

 

On the receipt page the login button was displayed. I had an automaticly redirect configured to the login page from the receipt page with a 5 seconds delay, but the button was displayed during those 5 seconds.

 

So the beheviour was that someone who was quick enough to click the login button was given directly internet access from the receipt page, while someone who didn't click the button needed to wait for the sms.

 

I disabled the login button and now this is working as expected, they should not be able anymore to get direct access withouth the password send in the sms. 

 

Thank you for the quick support.

 

Regards,

Roland

Frequent Contributor II

Oops! Posted in wrong place. Sorry!

 
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: