Wireless Access

 View Only
  • 1.  Change sponsor name FQDN

    Posted Feb 27, 2020 09:45 AM

    Hi. 

    I have search without luck. 

    We have our Clearpass server on URL "https://clearpass.company.org" and will soon let sponsors create guest accounts using the URL "https://clearpass.company.org/guest". 

    Is there a way to change this URL to something like "https://sponsor.company.org" instead?

    I have previously worked with Cisco ISE and this was really easy to do. 

     

    Thank you



  • 2.  RE: Change sponsor name FQDN

    Posted Feb 27, 2020 10:29 AM

    Hi,

     

    Yes, you can do it with ClearPass however you need to add the SAN field in your certificates with multiple names or single (DNS name = sponsor.company.org ) shown in below link,

    https://www.digicert.com/subject-alternative-name.htm

     

    Then navigate to the 

    Administration » Server Manager » Server Configuration Click on server name and update the sponsor.company.org next to FQDN field.

     

    so with this you can access multiple SSL mapped to single ClearPass IP address with HTTPS security. 

     

    Hope this helps and i am not missing something. 

     

     

     

     

     

     



  • 3.  RE: Change sponsor name FQDN

    Posted Feb 27, 2020 10:46 AM

    I think you misunderstood the question or I wasn't being to clear. 

     

    I want the admin part to have the URL https://clearpass.company.org but the sponsor portal URL to be https://sponsor.company.org

     

    The information you provided will change the whole FQDN for the machines, not only the sponsor portal. 



  • 4.  RE: Change sponsor name FQDN

    Posted Feb 27, 2020 04:07 PM

    Hi,

     

    Can you please elaborate on the use case?

    What do you mean by the sponsor portal (will it be used for sponsor approval or to create guest accounts)?

    How are you planning to resolve the various sponsor URLs to IP addresses to reach the portal?



  • 5.  RE: Change sponsor name FQDN

    Posted Feb 27, 2020 06:06 PM

    It will be used to create guest accounts only. 

    I simply want the URL to be more simple for our employes. 

     

    In Cisco ISE, I changed the URL to portal.company.org and the server started to listen to that address for the sponsor portal, simple as that. 

    I want the ADMIN URL to be clearpass.company.org but the SPONSOR url to be guest.company.org or something else. Not "clearpass.company.org/guest". It's to complicated to remember for our users. 



  • 6.  RE: Change sponsor name FQDN
    Best Answer

    Posted Mar 02, 2020 06:19 AM

    ClearPass doesn't allow specific services to be bound to a specific service (Guest, Policy Manager, Insight).

     

    What you could do is put the default page to the ClearPass Guest Application Login:

    Screen Shot 2020-03-02 at 12.13.19.png

    If your users go to guest.company.org, they will end up on the /guest. Admins can go to clearpass.company.org/tips/ to get to the admin page.

     

    BTW, going to clearpass.company.org/ would get you to guest as well, similar to guest.company.org/tips/ will get you to the CPPM login page.

     

    You can use (recommended to do so) Application ACLs to limit who can access what parts of ClearPass. At least prevent guests or operators to access the /tips/ part.

     



  • 7.  RE: Change sponsor name FQDN

    Posted Apr 17, 2020 03:59 AM

    Thank you Herman. 

    This solution was not exactly was I was hoping for, but it works. Thank you!