Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass Hotspot Plan Roles

This thread has been viewed 1 times

  • 1.  Clearpass Hotspot Plan Roles

    Posted Jan 07, 2014 03:42 PM

    I'm trying to set up hotspot plans for various different payment options, e.g. hourly, daily, weekly and monthly.

    Each of these plans should also allow different numbers of devices - e.g. hourly allows only 1 device per account, daily allows 2 devices, weekly allows 3, and monthly allows 4. 

     

    In CPPM, I have created the roles [Guest-Hourly], [Guest-Daily], [Guest-Weekly] and [Guest-Monthly].  The idea is that I will use those roles in the enforcement policy, something like:  

     

    (Authorization:[Endpoints Repository]:Unique-Device-Count GREATER_THAN  1
    AND  (Tips:Role  EQUALS  [Guest-Hourly])

    action: [Deny Access Profile]

     

    but in "Manage Hotspot Plans" the only roles I can select are [Guest], [Contractor] and [Employee]. 

     

    Any ideas how I can get my roles to be applied to the hotspot plans?

     



  • 2.  RE: Clearpass Hotspot Plan Roles

    EMPLOYEE
    Posted Jan 08, 2014 02:27 AM

    In CPPM the post auth process happens in the backend you don't need to create seperate roles for each. You just use the service template "Guest MAC Authentication". If you look in the last part there is post auth process that happens that will look at the mac address of the device and based on its registration in the hotspot plan it will enforce the post auth needed. 

     

    You just setup the hotspot plan in the CPGuest side and the magic will happen in the backend through the post auth processes. :)

     

     

    screenshot_02 Jan. 08 01.10.gif

     



  • 3.  RE: Clearpass Hotspot Plan Roles

    Posted Jan 08, 2014 10:20 AM

    ...ok, so I know how to create a guest auth service in CPPM, and I have done that.

     

    But how does the "magic" know the difference between users who pay for different hotspot plans?  I was assuming this was set by the role assigned in the Hotspot plan.  

    If not, then can you give me an example of the Enforcement Profile rules?

     

    Here's what I'm using so far, with the Roles that the Hotspot Plan has built-in.  It works, but I need more roles, or some other way of differentiating between the plans.

     

     EnforcementProfile.PNG



  • 4.  RE: Clearpass Hotspot Plan Roles
    Best Answer

    Posted Jan 08, 2014 10:43 AM

    Ok, I think I found it.  I edited the rule and found some options under the "GuestUser" condition which seems to do the trick.  Here's a sample that I just tested:

     

    NewEnforcementPolicy.PNG



  • 5.  RE: Clearpass Hotspot Plan Roles

    Posted May 18, 2016 10:24 PM

    I am integrating ClearPass with Micros Opera, I created a plan for offer the customers an upgrade on speed for a price. How can I control the bandwith from Clearpass. The customer is using Ruckus wireless platform. I mean, how must the service be configured on CPPM?

     

    Thaks.