Security

Hi Airheads!

 

We have a CPPM implementation with a Clearpass cluster in a central location with multiple branch offices with local Aruba wireless controllers. We have different captive portals (14 in total) implemented, 2 per remote site (one for visitors, one for patients). There are also 2 SSID's per remote site.

Each portal has its own GuestUser Role ID assigned so that we can make a difference between the different guest users and thus assign the appropriate Aruba user role back to the controllers.

 

There is however one problem: guest users are able to login to both the portal for visitors and to the portal for patients. And that is not the purpose...

 

The question is: how can we prevent guest users intended for e.g. the visitor portal to log on to the patients portal?

 

Thanks in advance!

 

Best regards

Tim

What is the access difference between patients and guests?

Guests are allowed restricted internet-only access, patients can additionally browse to some internal resources. These access restrictions are configured on the wifi controllers

how are you making the distinction between  the two type of users?

 

 

 

 

Why not use the same SSID and use role based access?

The customer insisted on different SSID's instead of one.

We've made different guest user role ID's per type of user, 14 in total. This way we do the role mapping to differentiate the type of users.

Solved by checking for the according SSID in combination with the assigned Role ID to the Guest account.