Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
Configuring Basic Properties for Self-Registration
To edit the basic settings for a self-registration page, click either the Primary Enable, User Database, Choose Skin, or Rename Page links on the diagram at .
Figure 1 Customize Self-Registration, Basic Properties
|
Field |
Description |
|---|---|
|
|
(Required) Enter a name for the page. This name is seen only by administrators in ClearPass Guest. |
|
|
Optional comments or notes about the page. |
|
|
Specifies whether the self-registration is enabled or disabled for use. |
|
|
(Required) Enter the guest Someone who is permitted to access the enterprise network or Internet through your Network Access Server. Also, as ClearPass Guest, a configurable ClearPass module for secure guest network access management. Access permissions are controlled through an operator profile that can be integrated with an LDAP server or Active Directory login. registration page name (filename) that will appear in the URL Uniform Resource Locator. A global address used for locating web resources on the Internet.-- for example, "register_page_name". |
|
|
To use the settings from a previously configured self-registration page, select an existing page name from the drop-down list. This is useful if you need to configure multiple registrations. You can override parent page values by editing field In a database or a user interface, a single item of information; attribute. values yourself. To create a self-registration page with new values, select the Self-Registration (guest_register) option from the Parent field drop-down menu. |
|
|
If the standalone self -registration (No parent- standalone) option was selected in the field, the option is available. You can configure this setting so that registrants have to pay for access. |
|
|
(Required) The service handler used to create the self-provisioned guest accounts. |
|
|
(Required) Skin to use for the Web page. Options include the following skins: Default Aruba ClearPass Skin Blank Skin ClearPass Guest Skin Custom Skins 1 through 16 Galleria Skins 1 through 16 |
|
|
Enables bypassing the Apple Captive Network Assistant (CNA Apple Captive Network Assistant. Pop-up browser shown when joining a network that has a captive portal.). The CNA is the pop-up browser shown when joining a network that has a captive portal Web page requiring users to authenticate and sign in before connecting to a public network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. ClearPass supports the creation of a captive portal policy for use as a downloadable role enforcement profile for supported device types.. This option might not work with all vendors; it is dependent on how the captive portal is implemented. |
|
|
If the check box is selected, the self-registration page will not be translated and will keep the default text. |
When you complete the area and click , the form Interactive page in the application where users can provide or modify data. expands to include the area, where you can specify access restrictions for the self-registration page.
Figure 2 Customize Self-Registration, Access Control Area
|
Field |
Description |
|---|---|
|
|
To require an operator Person who uses ClearPass Guest to create guest accounts or perform system administration. ClearPass Guest operators act as sponsors for guest access. to log in with their credentials before they can create a new guest account, select the Require operator credentials prior to registering guest check box in this row. The sponsor Person who uses ClearPass Guest to create guest accounts or perform system administration. ClearPass Guest operators act as sponsors for guest access.’s operator profile Characteristics assigned to a class of operators, such as the permissions granted to those operators. must include the privilege. If you choose this option, the authenticated page it produces for creating accounts is very simple, and does not include navigation or other links that would otherwise be available in the operator user interface. |
|
|
The IP addresses and networks from which access is allowed or denied (IPv4 and IPv6 are both supported). These access control lists determine whether a client In a server-client relationship, the client is a device or appliance that relies on the server for information, access, or other actions. Same as supplicant. is permitted to access this self-registration page. You can specify multiple IP addresses and networks, one per line, using the following syntax : 1.2.3.4 – IP address 1.2.3.4/24 – IP address with network prefix length 1.2.3.4/255.255.255.0 – IP address with explicit network mask |
|
|
|
|
|
(Required) The response shown to the user if their request is denied. Options in this drop-down list include:
|
|
|
The Time Access field allows you to specify the days and times that self-registration is enabled. Times must be entered in 24-hour clock format. For example: Mondays, Wednesdays and Fridays, 8:00 to 17:00 Weekdays, 6:00 to 18:00 Weekends 10:00 to 22:00 and Thursday 11:00 to 13:00 |
Access Control Rules
The access control rules will be applied in order, from the most specific match to the least specific match.
Access control entries are more specific when they match fewer IP addresses. The most specific entry is a single IP address (for example, 1.2.3.4), while the least specific entry is the match-all address of 0.0.0.0/0.
As another example, the network address 192.168.2.0/24 is less specific than a smaller network such as 192.168.2.192/26, which in turn is less specific than the IP address 192.168.2.201 (which may also be written as 192.168.2.201/32).
To determine the result of the access control list, the most specific rule that matches the client’s IP address is used. If the matching rule is in the Denied Access field, then the client will be denied access. If the matching rule is in the Allowed Access field, then the client will be permitted access.
If the Allowed Access field is empty, all access will be allowed, except to clients with an IP address that matches any of the entries in the Denied Access field. This behavior is equivalent to adding the entry 0.0.0.0/0 to the Allowed Access field.
If the Denied Access list is empty, only clients with an IP address that matches one of the entries in the list will be allowed access. This behavior is equivalent to adding the entry 0.0.0.0/0 to the Denied Access list.
Was this information helpful?
Great! Thanks for the feedback
Sorry about that! How can we improve it? Send your comments and suggestions!