Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Other AP vendor

This thread has been viewed 8 times

  • 1.  Other AP vendor

    Posted Mar 05, 2013 09:48 AM

    Hi,

     

    Short question, is it possible to use the Guest Self-Registration with an other vendor AP ? Now I use Aruba IAP but some of my customers have allready their own APs.


    Thanks

     

    Dimitri



  • 2.  RE: Other AP vendor

    Posted Mar 05, 2013 12:29 PM

    Definitely, Clearpass is platform independent. As long as your WLAN supports (almost every device does - even the SOHO vendors) RADIUS based authentcation you are fine for a basic setup.

    However, for advanced scenarios you need a capable infrastructure (such as Aruba Networks), for example using device type or user groups to place the users into different roles or VLANs, do RADIUS accounting etc.



  • 3.  RE: Other AP vendor

    EMPLOYEE
    Posted Mar 05, 2013 11:17 PM

    You need to check with your Vendor.

     

    If you want to authenticate via Captive Portal, your vendor must support a captive portal authentication method.  If you want to authenticate via 802.1x, your wireless AP needs to support 802.1x support.  If your vendor does not have support for the method you want to use, ClearPass will not be able to support those methods.

     

     

     



  • 4.  RE: Other AP vendor

    Posted Mar 06, 2013 02:31 AM

    Hi,

     

    Thanks for the help. Some of my customers uses already Mikrotik devices, that's why I need to se other vendor devices. Has I can see in the documentation, it supports External Captive Portal authentication. What parameters do I need to send to ClearPass Guest ?

     

    Here is an example of the login page in the Mikrotik device with a redirection to my ClearPass Guest server:

     

    <HTML>
<TITLE>Login</TITLE>
<BODY>
<FORM NAME="redirect" METHOD="post"
       ACTION="https://myCPguestserverIP/guest/guests.php">
       <INPUT TYPE="hidden" NAME="mac" VALUE="$(mac)"/>
       <INPUT TYPE="hidden" NAME="hostname" VALUE="$(hostname)"/>
       <INPUT TYPE="hidden" NAME="ip" VALUE="$(ip)"/>
       <INPUT TYPE="hidden" NAME="user" VALUE="$(username)"/>
       <INPUT TYPE="hidden" NAME="link-login" VALUE="$(link-login)"/>
       <INPUT TYPE="hidden" NAME="link-orig" VALUE="$(link-orig)"/>
       <INPUT TYPE="hidden" NAME="error" VALUE="$(error)"/>
</FORM>
<SCRIPT LANGUAGE="JavaScript">
        document.redirect.submit();
</SCRIPT>
</BODY>
</HTML>

     

    I have a Guest self-registration working fine with Aruba IAP, is there also something to configure there ?

     

    Edit : is it possible to have Aruba IAP and Mikrotik AP working with the same guest self-registration ?

     

    Regards

     

    Dimitri