Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Advertisement with a mac cached user

This thread has been viewed 0 times

  • 1.  Advertisement with a mac cached user

    Posted Jun 19, 2017 05:40 PM

    Hello

    IT is possible for clearpass to have users, use the mac cachin so that they dont have to put user and password again but that they get an advertisement everytime they  mac authenticate or something like that?

    Or sending them to a landing page ?

    Something like they remenber the user and they dont need to put user name and password but i can still send the advertisement when they start using the wifi?

     

    Cheers

    Carlos



  • 2.  RE: Advertisement with a mac cached user

    EMPLOYEE
    Posted Jun 19, 2017 05:41 PM

    Yes, just return a different role with a captive portal attached.



  • 3.  RE: Advertisement with a mac cached user

    Posted Jun 19, 2017 05:43 PM

    A captive portal that does not need to authenticate you mean?but that have the advertisement?

     

    Cheers

    Carlos



  • 4.  RE: Advertisement with a mac cached user

    EMPLOYEE
    Posted Jun 19, 2017 05:47 PM
    You’ll still need to authenticate using an anonymous account to get the user out of the captive portal state.


  • 5.  RE: Advertisement with a mac cached user

    Posted Jun 19, 2017 05:52 PM

    But if i use an annonymous user i wont be able to see that user listed on airwave or anythingl ike that.

     

    What the client would like is this

     

    I log in with my credentials

    cdelarosa@alternetworks.net

     

    I get my advertisement

     

    I can browse in the internet

     

    the next day i connect again to the wifi but this time i dont need to put my username and password but i still get the advertisement

     

    Also i can see the user cdelarosa@alternetworks.net on airwave  not an annonymous user

     

    Is this possible?

     

    Cheers

    Carlos

     

     



  • 6.  RE: Advertisement with a mac cached user

    EMPLOYEE
    Posted Jun 19, 2017 05:57 PM
    You just override the username in the RADIUS response.


  • 7.  RE: Advertisement with a mac cached user

    EMPLOYEE
    Posted Jun 20, 2017 05:00 AM
    At a high leve, you would have to setup mac caching with captive portal that stores the mac address in the endpoint database and the username of the user in a field called "username" along with that entry in clearpass.
     
    When the user returns later, the controller would mac authenticate to clearpass to bypass the captive portal and in the enforcement policy, return the username as the username field obtained when the user first authenticated to the captive portal.
     
    In your mac caching service in clearpass that would do the mac authentication,you can simply return "RADIUS:IETF:User-Name EQUALS %{Endpoint:Username}" in your RADIUS response.