Occasional Contributor II

Re: Clearpass Guest - Self registration & self sponsorship (email address validation) - August-M

Hi,

A first step to preserve licenses could be using MAC caching, for users that connect on several consecutive days.

Then, the best way to keep the license number low is to keep users from connecting... this is the hateful truth.

 

N

 

Contributor II

Re: Clearpass Guest - Self registration & self sponsorship (email address validation) - August-M

It's an open guest network so we can't stop connections. MAC caching is set up already.

Frequent Contributor II

Re: Clearpass Guest - Self registration & self sponsorship (email address validation) - August-M

davey_m,

 

Have you tried to limit the number of maximum connections? Adjusting this value might help a bit.

 

In the Aruba Controller, go to AP Configuration > AP Group name > Wireless LAN > Virtual AP > SSID > SSID Profile > Advanced tab and scroll down to Max Associations.

 

I know you're looking for something that will limit the total number of associated MACs for your guest SSID, so this might help. I'm not 100% clear whether or not it's a global value or if it will only affect the APs directly (meaning, if the max association is 65 PER AP for a particular SSID, this may only affect total guest capacity per AP instead of the entire SSID), but maybe modifying your guest DHCP pool to only allow for the total number of licenses you have available might help more. Just spitballing.

Re: Clearpass Guest - Self registration & self sponsorship (email address validation) - August-M

Does anyone have the original PDF? The other "easier" version is missing a few things. I would like to review the original and compare both...

 

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]

Re: Clearpass Guest - Self registration & self sponsorship (email address validation) - August-M

What is it that is missing?  The original version is very dated and broken now.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294

Re: Clearpass Guest - Self registration

Just having a hell of a time to get this designed using a Cisco WLC with CWA.
I can't seem to get it to hit the mac cache service.

Same type of mechanism, guest enters email, receives it, clicks link and extends session to x amount of hours.

I just wanted to see the initial setup of the services. I have the initial web redirect working, user receives email and is allowed on the internet but the rest of it needs work. MAC cache, etc...
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]

Re: Clearpass Guest - Self registration

I see. Let me test that here with my Cisco controller and get back to you. I won't be until after Xmas though. ;-)


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294

Re: Clearpass Guest - Self registration

yes please!
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]

Re: Clearpass Guest - Self registration

You may have this already enabled but just in case:

[Three screenshots from "How to ClearPass Guest Mac Caching with Cisco WLC.docx"]

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA

Re: Clearpass Guest - Self registration

Thanks Victor, but we are using server-initiated "CWA"-like auth, so no web policy is configured on the WLC. I am sending the redirect ACL and redirect URL from CPPM to the WLC. This works great.

 

Initial MAC authentication works, user is put into proper CPPM role, etc. Portal loads, enter email, receive sponsorship email.

 

Initial access tracker output shows

1. MAC auth service
2. web auth service
3. goes back to mac auth service instead of the mac caching one...

 

I will continue to work on it... off for the holidays, but crunch time for me is 2nd week of January so I'll see then.

 

Anyway, Michael_Clarke, if you have something working for self-sponsoring using email and Cisco, would love to see how it was done...

 

thanks again all

 

 

 

 

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]