Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass + Aruba Instant + Self-sponsoring

This thread has been viewed 1 times

  • 1.  Clearpass + Aruba Instant + Self-sponsoring

    Posted Jul 12, 2016 04:06 AM

    Hello community, I was configuring an scenario with a cluster of Aruba Instant, Clearpass 6.4 and a SSID with Guest Self-Registration and Self-Sponsoring (grace-period of some minutes for looking at the email).

     

    I have seen a guide that describes a similar scenario but the principal difference is that uses a Aruba Controller instead of a Instant cluster. The guide is: http://community.arubanetworks.com/aruba/attachments/aruba/aaa-nac-guest-access-byod/14147/1/How-to%20Self-Register%20and%20Self-Sponsor%20(validated%20email)%20-%20Secdata%201-4.pdf

    I can't follow this guide because the options in the controller / Aruba Instant are not similar. There is any other guide with the scenario described?

    Thank you very much,

    Best Regards.



  • 2.  RE: Clearpass + Aruba Instant + Self-sponsoring

    Posted Jul 12, 2016 04:31 AM

    Do you want them to change VLAN once authenticated or just same vlan? 

     

    You can create a guest SSID and use the authentication option external captive portal and add the clearpass guest url there. 



  • 3.  RE: Clearpass + Aruba Instant + Self-sponsoring

    Posted Jul 12, 2016 05:15 AM

    I don't really need to use different VLAN.
    Yes, I have made a Guest Self-registration and a Guest Self-sponsorship with the Aruba Instant in combination with Clearpasst (using the way you describe, external auth) but the real resultat that I need is:

    -- User connects to the guest ssid.

    -- Instant AP redirects to the Guest-Self registration page.

    -- Clearpass send an email to the address that user typed.

    -- User have a role that permit navigation during 10 minutes, grace period for navigate to the webmail and validate the connection (self-sponsorship).

     

    I don't know how to do the grace-period of 10 minutes without using a Aruba Controller (Change of Authority feature).

    Thank you,

    Best Regards



  • 4.  RE: Clearpass + Aruba Instant + Self-sponsoring
    Best Answer

    EMPLOYEE
    Posted Jul 12, 2016 05:26 AM

    I am the author of that original guide.  It was written for cppm a few versions back.  Things have changed a bit through the versions and this can be achieved much easier.  Please see this more recent and excellent guide here.  It is based on IAP as well.  Enjoy. :-)

     

    http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/HowTo-Auto-Sponsor-with-Clearpass-Guest/m-p/255232/highlight/true#M23974