Wireless Access

Reply
Super Contributor II

Instant guest and reporting

Hi all,

    I have a customer who would like to get some statistical reporting from how many guests are access the guest network through the internal is there a way to send this sort of info to a syslog server. I dont knwo much about setting up syslogging so if anybody knows of a good resource for this I would appreciate it.

Re: Instant guest and reporting

WIth instant alone, it will not retain the information needed to build a report like this.  I would recommend either Airwave - which has rich reporting capabilitites and you can build a report based on the guest SSID client counts - or ClearPass which has rich visitor management features.

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Super Contributor II

Re: Instant guest and reporting

The customer requirements are pushing the Instant devices beyond their capabilities I think. They have clearpass but do not want to allow IP connectivity fron the guest to clearpass, so we cant do captive portal there. In addition the have bought BT homehubs to connect to a separate ADSL line for guest only which is providing the guest IP and placing them on a VLAN which only exists on the Instant and the switch. The believed they could authenticate first before assigning an IP address, then move to obtaining an address via the homehub device. The lack of customisation for the internal page and an issue with destination NATing to a proxy address I think its going to force us to receommend a 620 controller on the sites. Not sure that there is any other realistic option.

Re: Instant guest and reporting

This would require more thought with your local Aruba SE BUT have you considered using ClearPass with guest page restrictions?  There is a new-ish feature which can limit access to the guest pages and not the entire box.  That way, you can allow communication to the server without worrying about any breach of security.

 

From 6.1 release notes:

CPPM now supports specification of allow and deny lists for access to CPPM / Guest Operator / Insight pages via IP addresses or subnet. 

 

You can also try the virtual controller IP assigned network for the guest SSID.  I see your point on the separate network but with firewall policy, instant can really limit the risk.

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Super Contributor II

Re: Instant guest and reporting

They don't want any IP connectivity to the Clearness device regardless of which page they see. They don't even want the traffic crossing corporate devices which is why the VLAN is not defined on the site router only on the Instant and switch. I'm not altogether sure how they initially thought the landing page was going to be accessed, however we have proposed the 620 controller solution and await their response. Additionally the seem to think the CP page on the instant can be modified, email text box removed, logo uploaded - I was not aware that any of this can be done - am I wrong?

Moderator

Re: Instant guest and reporting

We will allow customization of the CP page in Instant with v.4.0 due end of October.   This feature is still being defined but it will allow uploading a custom .jpg for the background.  I do not have information, yet, on whether this will be the entire background or just a portion of it or what the size allowance will be.  Hopefully this feature will help simplify your project.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: