Security

  • 1.  Hospitality - Random Mac address

    Posted May 04, 2025 11:24 PM

    Dear Experts, 

    One of our hospitality customers wants to block their staff MAC addresses from accessing the internet via CP. The problem is that the staff have access to guests' last names and room numbers, so they can easily log in to the Captive Portal. Is there any way to prevent it? What approach is normally taken to avoid this?



    ------------------------------
    Owais101
    ------------------------------


  • 2.  RE: Hospitality - Random Mac address

    Posted May 05, 2025 01:31 AM

    There are different ways you can configure this. There are multiple scenarios; for example, you can use CP (if you are referring to ClearPass and not Captive Portal) to create policies and enforcement profiles to allow only a single device to connect to the network. In addition, you can do a dynamic combination of rules, such as profiling endpoints and combining that with the one device per user limit for access to the wireless infrastructure.

    Blocking MAC addresses is a bit more complex, considering the random MAC address feature in mobile devices now.



    ------------------------------
    Shpat | ACEP | ACMP | ACCP | ACDP
    Just an Aruba enthusiast and contributor by cases
    If you find my comment helpful, KUDOS are appreciated.
    ------------------------------



  • 3.  RE: Hospitality - Random Mac address

    Posted May 06, 2025 10:05 AM

    Why do they want to do this? Does the customer hate their staff? Why not provide employees guest internet access?




  • 4.  RE: Hospitality - Random Mac address

    Posted May 07, 2025 03:40 AM

    I don't think you can prevent this if people have access to the sign-in username and password and there are randomized MAC addresses (as you can't use the MAC address to block access).

    One thing that may work (as suggested above) is to limit network access to a single device, which means that if an employee steals the credentials of a guest, the guest can't connect anymore and will start complaining.

    It feels to me like hotel staff has access to the keys to the guest rooms, but you don't want them to be able to use those keys. You may sample-wise check who is misbehaving, or based on reports or suspicion, then take disciplinary actions against misbehaving employees.

    In many parts of the world, I see hotels even moving away from captive portals and just providing unlimited internet access to their guests, employees, passers-by, anyone. Simple and fast. That just may not work in regimes where there is a requirement to track who is doing what; but then impersonation/identity theft may be a crime and reporting to the police may be the next step.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------
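
Added example, not part of any post in this thread and not ClearPass code: a sketch of the spot check suggested in replies 2 and 4, flagging guest accounts that are in use from two different MAC addresses at the same time. The log layout, account names and MAC addresses are constructed for illustration; sequential sessions from different MACs are deliberately not flagged, since MAC randomization makes those normal.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records in a hypothetical CSV layout (not a ClearPass export):
# login time, logout time, guest account (room-lastname), client MAC
SAMPLE_LOG = """\
2025-05-04T18:00,2025-05-04T23:00,412-smith,3a:11:22:33:44:55
2025-05-04T19:30,2025-05-04T20:15,412-smith,d6:aa:bb:cc:dd:01
2025-05-04T18:10,2025-05-04T22:00,207-jones,f0:18:98:12:34:56
2025-05-05T08:00,2025-05-05T09:00,207-jones,f0:18:98:12:34:56
2025-05-04T10:00,2025-05-04T11:00,515-khan,5e:00:00:00:00:01
2025-05-04T14:00,2025-05-04T15:00,515-khan,7a:00:00:00:00:02
"""

def is_randomized(mac):
    """True if the locally administered bit is set, as it is on private/random MACs."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def parse(log):
    """Group sessions by guest account as (start, end, mac) tuples."""
    sessions = defaultdict(list)
    for line in log.strip().splitlines():
        start, end, account, mac = line.split(",")
        sessions[account].append(
            (datetime.fromisoformat(start), datetime.fromisoformat(end), mac.lower()))
    return sessions

def concurrent_device_conflicts(log):
    """Return {account: [(mac_a, mac_b), ...]} for overlapping sessions on different MACs."""
    conflicts = {}
    for account, sess in parse(log).items():
        sess.sort()  # order by login time
        pairs = []
        for i, (s1, e1, m1) in enumerate(sess):
            for s2, e2, m2 in sess[i + 1:]:
                if s2 >= e1:
                    break  # sorted by start, so nothing later overlaps session i
                if m1 != m2:
                    pairs.append((m1, m2))
        if pairs:
            conflicts[account] = pairs
    return conflicts

if __name__ == "__main__":
    for account, pairs in concurrent_device_conflicts(SAMPLE_LOG).items():
        for a, b in pairs:
            print(account, a, b, "randomized:", is_randomized(a), is_randomized(b))
```

A flagged account only shows that two devices shared one credential at once; it does not say which device belongs to the guest, so it is a starting point for the manual follow-up described in reply 4.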