03-28-2014 08:48 AM
I have 2 questions regarding clearpass guest account management.
1. Can a user, signed up via one guest account page be prevented from being seen as a returning user if they connect to a captive portal authentication profile that points to a different page.
2. Is there a dynmic way for a captive portal authentication portal to point to a different Clearpass guest page on a different Clearpass instance in the event of a failover?
03-28-2014 01:59 PM
1. are you trying to block access or allow. I'm kind of confused on your question?
2. yes and no. :)
A. If you have a VIP between the two you could point to the same page on another CPPM that is in the cluster.
B. Use a load balancer.
--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.
--Problem Solved? Click "Accepted Solution" in a post.
03-28-2014 02:42 PM
A bit hard to read your questions here. Perhaps it would be easier for us to help you out if you include us in your intention with your solution. Right now you're narrowing it down a bit too much for me to give a good answer :)
But ok - if I understand your nr 1 question correctly you have a clearpass that hosts multiple sites. If I register on Site 1, and then arrive on Site 2 later that day, I get treated like it's the first time on that ClearPass.
How are you treating or categorising/enforcing your "returning users" today? Knowing that can lead us closer to a solution.
It really shouldn't be that hard to implement, but it might cause some user-issues..
Username need to be different, so add in prefix+random-number as username.
If you're doing MAC-auth, that too will be solved by site-unique usernames..
For question 2 - depends on what you want to accomplish ;)
-ACMX #316 :: ACCP-
Intelecom - Norway
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
03-29-2014 04:11 AM
I would like users to have to sign up via both pages if they access them via Captive portal authentication profiles that point to the two different clearpass pages. Imagine a clearpass device shared between two completely separate companies - if a user signs up on one they should not automatically have access when hitting the other. So I'm trying to block access.
The two clearpasses would not have a common IP address, they would be separate. Currently using two Amigopods for separation but I am wondering whether one Clearpass could do the job. As the same user could appear on both setups the users details would be the same
03-29-2014 04:43 AM - edited 03-29-2014 05:19 AM
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs