Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Guest accounts via clearpass

This thread has been viewed 0 times

  • 1.  Guest accounts via clearpass

    Posted Mar 28, 2014 11:49 AM

    I have 2 questions regarding clearpass guest account management.

    1. Can a user, signed up via one guest account page be prevented from being seen as a returning user if they connect to a captive portal authentication profile that points to a different page.

    2. Is there a dynmic way for a captive portal authentication portal to point to a different Clearpass guest page on a different Clearpass instance in the event of a failover?



  • 2.  RE: Guest accounts via clearpass

    EMPLOYEE
    Posted Mar 28, 2014 05:00 PM

    1. are you trying to block access or allow. I'm kind of confused on your question?

     

    2. yes and no. :)

     

        A. If you have a VIP between the two you could point to the same page on another CPPM that is in the cluster.

     

        B. Use a load balancer.



  • 3.  RE: Guest accounts via clearpass

    Posted Mar 28, 2014 05:42 PM

    Hello MattF

     

    A bit hard to read your questions here. Perhaps it would be easier for us to help you out if you include us in your intention with your solution. Right now you're narrowing it down a bit too much for me to give a good answer :)

     

    But ok - if I understand your nr 1 question correctly you have a clearpass that hosts multiple sites. If I register on Site 1, and then arrive on Site 2 later that day, I get treated like it's the first time on that ClearPass.

     

    How are you treating or categorising/enforcing your "returning users" today? Knowing that can lead us closer to a solution.

     

    It really shouldn't be that hard to implement, but it might cause some user-issues..

     

    Username need to be different, so add in prefix+random-number as username.

    If you're doing MAC-auth, that too will be solved by site-unique usernames..

     

    For question 2 - depends on what you want to accomplish ;)



  • 4.  RE: Guest accounts via clearpass

    Posted Mar 29, 2014 07:11 AM

    I would like users to have to sign up via both pages if they access them via Captive portal authentication profiles that point to the two different clearpass pages. Imagine a clearpass device shared between two completely separate companies - if a user signs up on one they should not automatically have access when hitting the other. So I'm trying to block access.

     

    The two clearpasses would not have a common IP address, they would be separate. Currently using two Amigopods for separation but I am wondering whether one Clearpass could do the job. As the same user could appear on both setups the users details would be the same



  • 5.  RE: Guest accounts via clearpass

    EMPLOYEE
    Posted Mar 29, 2014 07:44 AM

    .