We want a separate portal for guests at some office location through a fully separated DSL internet connection. The current one is used with self-registration integrated with SMS, and for the new one we want to let some group of people create users for guests and have some printout or e-mail or something like that. The network will be separated by VLAN on the controllers and we use a different SSID.
So I already created some network and tested this (just with regular WPA2); the network is already configured and can be used wirelessly.
Besides changing some parts on the Aruba controllers, I think I have the following steps to do for ClearPass:
1) Connect the CPPM virtual server with the new VLAN and give it an IP address in the new network (to allow guests to reach the welcome/login pages);
2) Create a new service in CPPM for guest access;
3) Create some new welcome page/login page for guests in ClearPass Guest;
4) Create some possibility for a group of people to be allowed to create guest accounts.
For 1, I think that I can add a VLAN from the server configuration -> server properties -> Network -> Create VLAN, and I need to add this VLAN to the VMware virtual machine, the hosts, etc. Is this correct? Or is there another way to arrange this, maybe by adding a separate NIC to the VM? Or can I somehow let the traffic be handled by the Aruba controller through another VLAN?
For 2, I can just create a new service. But can I have a separate local guest database?
For 3, this should be possible; I can create some page, I think, from the "pages" part in the Guest configuration. Is this correct?
For 4, can I have some separate web portal where I can allow some superusers to create/manage guests, but only for the guests for this service? They are not allowed to create guests for the existing guest service.
Is what I want possible? And how should I handle this?
Any help is appreciated.
Thank you in advance.
1) No, joining the ClearPass to multiple VLANs isn't really something that is done often (not even sure if it is possible); just routing the traffic to it from the controller is more common.
2) I would advise you to use the ClearPass templates to add a captive portal setup, perhaps with MAC caching if you want. You can probably select on the Aruba SSID to separate it from the other SSID.
3) Yep, and make sure you use that IP / URL in your controller L3 auth profile.
4) Should be possible, but I can't guide you exactly on how to make the separation.
Hello "Boneyard" and John,

Okay, I preferred to prevent the use of the existing infrastructure for this new network. This is to prevent traffic flows from the separate network to the production network and the other way around, but yeah, technically I should be able to separate the network, change the default 192.168.1.x network to a company IP range and route traffic to and from ClearPass. But then I need to specify the traffic that is needed and block other traffic. Can this routing and firewalling also be done by the controller for the partly physical and partly wireless network? I need to look into the documentation for where to find this; I don't specifically use routing at the controller, and firewalling is currently only used for the wireless network based on role.

I can indeed copy the existing service or just create a new one and compare settings; the operator role and filters I need to look into to separate the administration of the environments.

The welcome page/login page can also be duplicated (or recreated); what is important then is to create the custom versions of all pages and views and select the correct operator role config, as mentioned by John.

So overall this is going to take some time to configure correctly, but this all seems possible.

Thanks for your support. If you have some additional remarks/tips about the above, please let me know. The next step for me is to find more information about the routing/firewalling part.

Thanks!
Roland