Security

Reply
Super Contributor II
Posts: 429
Registered: ‎01-19-2011

Guest accounts via clearpass

I have 2 questions regarding clearpass guest account management.

1. Can a user, signed up via one guest account page be prevented from being seen as a returning user if they connect to a captive portal authentication profile that points to a different page.

2. Is there a dynmic way for a captive portal authentication portal to point to a different Clearpass guest page on a different Clearpass instance in the event of a failover?

Aruba
Posts: 1,542
Registered: ‎06-12-2012

Re: Guest accounts via clearpass

1. are you trying to block access or allow. I'm kind of confused on your question?

 

2. yes and no. :)

 

    A. If you have a VIP between the two you could point to the same page on another CPPM that is in the cluster.

 

    B. Use a load balancer.

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
MVP
Posts: 517
Registered: ‎05-11-2011

Re: Guest accounts via clearpass

Hello MattF

 

A bit hard to read your questions here. Perhaps it would be easier for us to help you out if you include us in your intention with your solution. Right now you're narrowing it down a bit too much for me to give a good answer :)

 

But ok - if I understand your nr 1 question correctly you have a clearpass that hosts multiple sites. If I register on Site 1, and then arrive on Site 2 later that day, I get treated like it's the first time on that ClearPass.

 

How are you treating or categorising/enforcing your "returning users" today? Knowing that can lead us closer to a solution.

 

It really shouldn't be that hard to implement, but it might cause some user-issues..

 

Username need to be different, so add in prefix+random-number as username.

If you're doing MAC-auth, that too will be solved by site-unique usernames..

 

For question 2 - depends on what you want to accomplish ;)


Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Super Contributor II
Posts: 429
Registered: ‎01-19-2011

Re: Guest accounts via clearpass

I would like users to have to sign up via both pages if they access them via Captive portal authentication profiles that point to the two different clearpass pages. Imagine a clearpass device shared between two completely separate companies - if a user signs up on one they should not automatically have access when hitting the other. So I'm trying to block access.

 

The two clearpasses would not have a common IP address, they would be separate. Currently using two Amigopods for separation but I am wondering whether one Clearpass could do the job. As the same user could appear on both setups the users details would be the same

Guru Elite
Posts: 20,966
Registered: ‎03-29-2007

Re: Guest accounts via clearpass

[ Edited ]

.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: