Security

Reply
Contributor I
Posts: 31
Registered: ‎11-20-2015

Guest vs Eterprise licenses

Hello,

 

A customer has ClearPass cluster that is utilising only Guest services. It is expected that any connected device will use up two licenses, one guest and one core (Policy Manager). However, we are observing tenfold higher use of core ones, compared with guest.

 

Am I getting all this about licensing wrong, or are we having an issue? Thanks in advance.

 

 

NesaM

Guru Elite
Posts: 8,759
Registered: ‎09-08-2010

Re: Guest vs Eterprise licenses

[ Edited ]

What vendor is the NAD?
Are you sending back an ACCEPT or REJECT to get users into a captive portal state?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite
Posts: 8,759
Registered: ‎09-08-2010

Re: Guest vs Eterprise licenses

What vendor is the NAD?
Are you sending back an accept or deny to get users into a captive portal state?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I
Posts: 31
Registered: ‎11-20-2015

Re: Guest vs Eterprise licenses

Hi Tim,

 

Customer is using Aruba MC, Guest services are standard one (Guest MAC Auth , and Guest Access with MAC caching), and they are using "Allow Access" as default profile for Guest MAC Auth Enforcement Policy.

 

Thanks.

 

NesaM

Guru Elite
Posts: 8,759
Registered: ‎09-08-2010

Re: Guest vs Eterprise licenses

It's likely drive-bys or users who connect and then never register.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite
Posts: 8,759
Registered: ‎09-08-2010

Re: Guest vs Eterprise licenses

It's likely drive-bys or users who connect and then never register.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I
Posts: 31
Registered: ‎11-20-2015

Re: Guest vs Eterprise licenses

Thanks TIm,

 

Is there any way of by-passing this by changing Enforcement policy somehow? Customer's worry is that they will run out of core licenses quite easily if they roll out Guest access to more locations/campuses (forgot to mention this is Higher Education establishment).

 

Thanks.

NesaM

Guru Elite
Posts: 8,759
Registered: ‎09-08-2010

Re: Guest vs Eterprise licenses

Yes, send a REJECT for unknown devices and make sure your initial role in the AAA profile is the captive portal role.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite
Posts: 8,759
Registered: ‎09-08-2010

Re: Guest vs Eterprise licenses

Yes, send a REJECT for unknown devices and make sure your initial role in the AAA profile is the captive portal role.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I
Posts: 31
Registered: ‎11-20-2015

Re: Guest vs Eterprise licenses

Thanks, I will get on with it and let yu know of a result.

 

NesaM

Search Airheads
Showing results for 
Search instead for 
Did you mean: