Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass Guest

  • 1.  ClearPass Guest

    Posted Dec 29, 2012 07:05 AM

    Hi Guys,

     

    Let me get to the point directly:

     

    The customer wants the following:

     

     

    1-      Guest user accesses the guest SSID, which does not require Layer 2 authentication but requires Layer 3 authentication.

    2-      Guest user does not have credentials, so they fill in a web form including the following (e.g.):

    a-       name

    b-      Personal email address

    c-      Cell phone number

    d-       Sponsor email address

    3-      Then an email will be sent to the sponsor showing the customer request for wireless access.

    4-      The sponsor will accept the user request and generate (or it can be automatically generated) a username/password with default time access period to be assigned to this user, and his credentials shall be stored in the Active Directory for authentication.

    5-      The server, through an SMS gateway, will send the credentials to the user's mobile number, which was entered in the web form.

     

    My questions:

     

    Q1: Do I need ClearPass Policy Manager? Or can ClearPass Guest work alone and do the function without ClearPass Policy Manager?

     

    Q2: I noticed from the video Aruba provides that the user enters the name of the sponsor. Can I change it to the name of the sponsor so the access request will be sent to that email directly? (Email should be sent to IT personnel; it will be sent to the sponsor regardless of what his position is.)

     

    Q3: Can the automatically created username/password be stored in the AD RADIUS server instead of the controller/ClearPass server, and how to do it?

     

    Q4: Login credentials should not appear directly after registration; however, the user should receive them by SMS after sponsor acceptance?

     

    Q5: How to integrate the SMTP server with the sponsor email/name in the self-registration portal?

     

    I might need more information later, thanks.



  • 2.  RE: ClearPass Guest
    Best Answer

    EMPLOYEE
    Posted Dec 29, 2012 08:08 AM

    @Abi wrote:

    Hi Guys,

     

    Let me get to the point directly:

     

    The customer wants the following:

     

     

    1-      Guest user accesses the guest SSID, which does not require Layer 2 authentication but requires Layer 3 authentication. <ok>

    2-      Guest user does not have credentials, so they fill in a web form including the following (e.g.): <ok>

    a-       name

    b-      Personal email address

    c-      Cell phone number

    d-       Sponsor email address

    3-      Then an email will be sent to the sponsor showing the customer request for wireless access. <ok>

    4-      The sponsor will accept the user request and generate (or it can be automatically generated) a username/password with default time access period to be assigned to this user, and his credentials shall be stored in the Active Directory for authentication. <We cannot create credentials in Active Directory, but they will be stored in a database>

    5-      The server, through an SMS gateway, will send the credentials to the user's mobile number, which was entered in the web form. <ok>

     

    My questions:

     

    Q1: Do I need ClearPass Policy Manager? Or can ClearPass Guest work alone and do the function without ClearPass Policy Manager? <You can still purchase ClearPass Guest Separately to do all of these functions.>

     

    Q2: I noticed from the video Aruba provides that the user enters the name of the sponsor. Can I change it to the name of the sponsor so the access request will be sent to that email directly? (Email should be sent to IT personnel; it will be sent to the sponsor regardless of what his position is.)  <The guest only inputs the email address of the sponsor, NOT the name of the sponsor.  IT Personnel can be copied on the request.>

     

    Q3: Can the automatically created username/password be stored in the AD RADIUS server instead of the controller/ClearPass server, and how to do it? <No>

     

    Q4: Login credentials should not appear directly after registration; however, the user should receive them by SMS after sponsor acceptance? <This can be done, so the credentials are hidden until the user gets the SMS, or they can be displayed and disabled until the sponsor approves them.>

     

    Q5: How to integrate the SMTP server with the sponsor email/name in the self-registration portal?  <The SMTP server configuration is a standard part of the setup>.

     

    I might need more information later, thanks.


     



  • 3.  RE: ClearPass Guest

    Posted Dec 29, 2012 08:23 AM

    Thanks Colin

     

    So the username/password will be created automatically and stored in the ClearPass DB, correct?

     

    One more thing: can the sponsor specify the time allowed for this guest to be active, or does it have to be defined for all guests in ClearPass by default? If not, can I rely on the Cisco controller to do the timing and just use ClearPass Guest for guest self-registration, email to sponsor, SMS back to guest and finally authentication?

     



  • 4.  RE: ClearPass Guest

    EMPLOYEE
    Posted Dec 29, 2012 08:33 AM

    @Abi wrote:

    Thanks Colin

     

    So the username/password will be created automatically and stored in the ClearPass DB, correct?

     

    One more thing: can the sponsor specify the time allowed for this guest to be active, or does it have to be defined for all guests in ClearPass by default? If not, can I rely on the Cisco controller to do the timing and just use ClearPass Guest for guest self-registration, email to sponsor, SMS back to guest and finally authentication?

     


    The guest can be assigned a default time, like 1 day for example, and the sponsor can extend that, if they would like, independent of the Cisco controller.  The Cisco controller would only be the enforcer for the time already set by the Sponsor in ClearPass Guest.  You cannot set the time in the Cisco controller.  ClearPass Guest controls setting the time, and manipulating it....