Clearpass adding time block to guest access

Hi,

I'm looking for an option to add the begin and end time in guest account creation and the possibility to enforce on these times.

The idea is that a certain guest user is allowed to gain network access between a begin and an end time (for example 14:00 to 15:00) and the connection needs to be terminated when the end time is reached. Next day the block is valid again so the guest account itself doesn't expire.

Both begin and end time need to be set in the guest creation form and need to be able to be amended when necessary.

I have found Time Source for authorization source but since I cannot find how to add the begin and end time in the guest creation form, I wouldn't know how to use those variables in the enforcement profile.

Any help would be very much appreciated.

rgds, Erik

Re: Clearpass adding time block to guest access

[Image: 2017-08-10-Image-002.png]

How about incorporating something like this in the enforcement policy? I would also include username = <guest username> to make it more specific in case you have other users who have different times of access. Are you using an Aruba Controller? You can configure a reauthentication interval for every 30 minutes or 15 minutes to make sure the session is being checked frequently. After 15:00, the Deny Access Profile would apply, which would likely drop them into the captive portal user-role, only allowing them to reach the captive portal but not authenticate until after 14:00.


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com

Re: Clearpass adding time block to guest access

Hi Michael,

Thanks for this. Yes, this would work, but it would be impractical to get Admin staff to make enforcement policies.

Would it be possible to make the time a variable and get input from the guest pass? Similar to adding a role to a guest or setting an expiration time on a guest pass. I didn't find something like that but I only had limited time.

The current plan is to make roles with time blocks to do this and let the staff pick the right role/time block but it would be nicer to be able to enter the begin and end-time per guest.

regards, Erik
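
The daily time-block decision discussed in this thread (the time condition with periodic reauthentication from the reply, and the per-guest begin and end times asked for in the follow-up), modelled in Python as an added example; it is not ClearPass configuration or code from either poster. The guest records, field names and the choice to cap the session length at the end of the block are assumptions of this sketch, and times are taken as server-local.

```python
from datetime import datetime, time, timedelta

# Constructed guest records. "begin"/"end" are hypothetical per-guest fields
# standing in for values entered on a guest creation form.
GUESTS = {
    "guest-day": {"begin": time(14, 0), "end": time(15, 0)},
    "guest-night": {"begin": time(22, 0), "end": time(2, 0)},  # wraps midnight
}
REAUTH_INTERVAL = timedelta(minutes=15)  # the 15-minute interval from the reply


def window_end(begin, end, now):
    """Return when the block that contains `now` closes, or None if outside it."""
    t = now.time()
    if begin <= end:  # same-day block, e.g. 14:00-15:00 (end is exclusive)
        return datetime.combine(now.date(), end) if begin <= t < end else None
    if t >= begin:    # wrapped block, evening part: closes tomorrow
        return datetime.combine(now.date() + timedelta(days=1), end)
    if t < end:       # wrapped block, early-morning part: closes today
        return datetime.combine(now.date(), end)
    return None


def decide(username, now, reauth=REAUTH_INTERVAL):
    """Evaluate one (re)authentication attempt against the guest's daily block."""
    guest = GUESTS.get(username)
    if guest is None:
        return {"action": "deny", "reason": "unknown guest"}
    closes = window_end(guest["begin"], guest["end"], now)
    if closes is None:
        # The account stays valid; the same block opens again the next day.
        return {"action": "deny", "reason": "outside time block"}
    # With a fixed reauth interval alone, a session authorised at 14:50 would
    # next be checked at 15:05. Capping the session at the block end closes
    # that gap (assumption: the value is delivered to the access device as a
    # session timeout, e.g. the RADIUS Session-Timeout attribute).
    timeout = min(closes - now, reauth)
    return {"action": "allow", "session_timeout_s": int(timeout.total_seconds())}


if __name__ == "__main__":
    for user, when in [("guest-day", datetime(2017, 8, 10, 14, 50)),
                       ("guest-day", datetime(2017, 8, 10, 15, 0)),
                       ("guest-night", datetime(2017, 8, 11, 1, 55))]:
        print(user, when.time(), decide(user, when))
```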
