Security

Reply
Occasional Contributor II
Posts: 23
Registered: ‎12-22-2011

Clearpass Guest Queries

HI Guys,

 

Need your help on these queries:

 

1) With the Guest Sponsor Workflow, the sponsor will receive an email after the Guest has self-registered. To approve, does the Sponsor requires a login account to the CP-Guest Server? Or can it be approved by anyone by clicking on the link?

 

 

2) With the latest version till date, are we able to set the expiry dates for the Guest during the approval process?

 

 

3) How will the licensing be when I have 2x CPPM in a cluster with it's relevent modules?

 

 

Thank you!

Aruba Employee
Posts: 26
Registered: ‎11-16-2011

Re: ClearPass Guest Queries

I can answer two out of three for you.  I will need to check into Question # 2 for you.

 

For Question 1 - You don't need operator on ClearPass Guest (CPG).  All the approver need do is click a link.

 

For Question 3 - Here is an explanation of how licensing works on CPG.

 

  • Licenses based on the number of unique authenticating endpoints (devices) per day
  • This is averaged across a 7 day period to take into account normal peaks and valleys to determine whether or not you are exceeding your limit.
  • If you exceed your limit you will get a warning in the WebUI
  • If it was an abnormal week, nothing will happen and that warning will disappear.
  • If you exceed your license count for 4 out of 6 months, you will be locked out of the WebUI until you resolve the issue
  • At no point will we disable the system from authenticating users if you exceed the license limit.

Hope that helps.

Occasional Contributor II
Posts: 23
Registered: ‎12-22-2011

Re: ClearPass Guest Queries

Hi Tarinelli, Thanks for the info. For Question 1 - Can we have a operator to approve in the workflow? For Question 3 - Thanks for the detailed reply. How will they work in a clustered deployment? Are the licenses shared/distributed amongst the cluster? Or each server have to carry the total user licenses? Thanks Bro. Appreciate your help.
Aruba Employee
Posts: 26
Registered: ‎11-16-2011

Re: ClearPass Guest Queries

Yes.  you can direct the approval email to an operator rather than the employee hosting your guest.  Its up to you.  Licenses are shared across the cluster.

New Contributor
Posts: 4
Registered: ‎04-05-2013

Re: ClearPass Guest Queries

Hi tarinelli, with regards to your comments:

 

  • Licenses based on the number of unique authenticating endpoints (devices) per day
  • This is averaged across a 7 day period to take into account normal peaks and valleys to determine whether or not you are exceeding your limit.
  • If you exceed your limit you will get a warning in the WebUI
  • If it was an abnormal week, nothing will happen and that warning will disappear.
  • If you exceed your license count for 4 out of 6 months, you will be locked out of the WebUI until you resolve the issue
  • At no point will we disable the system from authenticating users if you exceed the license limit.

 

In which Aruba document is this stipulated? I need to show an official document to a customer.

Guru Elite
Posts: 20,017
Registered: ‎03-29-2007

Re: ClearPass Guest Queries


DylanH wrote:

Hi tarinelli, with regards to your comments:

 

  • Licenses based on the number of unique authenticating endpoints (devices) per day
  • This is averaged across a 7 day period to take into account normal peaks and valleys to determine whether or not you are exceeding your limit.
  • If you exceed your limit you will get a warning in the WebUI
  • If it was an abnormal week, nothing will happen and that warning will disappear.
  • If you exceed your license count for 4 out of 6 months, you will be locked out of the WebUI until you resolve the issue
  • At no point will we disable the system from authenticating users if you exceed the license limit.

 

In which Aruba document is this stipulated? I need to show an official document to a customer.


DylanH,

 

Not sure this will be in a document.  I would suggest you hook up with your local Aruba SE or Sales team to get clarification.

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Aruba Employee
Posts: 98
Registered: ‎03-15-2011

Re: ClearPass Guest Queries

To clarify the answer to question 1, the requirement of operator logins is optional.  We recommend you DO require credentials, but you are free not to.  Either way, check the manual for IsValidEmail and set the appropriate whitelist / blacklist for email domains on the sponsor_email field. 

 

There are no expiration options at approval time, no.  You can setup a default short-term expiration in the registration form itself, and then extend this, with a fixed value, on approval.  You cannot individually set a value though.  In scenarios where you have a couple distinct sets of visitors (say Guests and Contractors), we recommend setting up multiple self-registrations with the expiration times set, and then add links on the landing page for them to choose.  It would be on the sponsor to sanity check who they are sponsoring.

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: