Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
Self Provisioned Guest Access
Self-provisioned access is similar to sponsored guest Someone who is permitted to access the enterprise network or Internet through your Network Access Server. Also, as ClearPass Guest, a configurable ClearPass module for secure guest network access management. Access permissions are controlled through an operator profile that can be integrated with an LDAP server or Active Directory login. access, but there is no need for an operator Person who uses ClearPass Guest to create guest accounts or perform system administration. ClearPass Guest operators act as sponsors for guest access. to create the account or to print the receipt. The following figure shows the process of self-provisioned guest access.
Figure 1 Guest Access When Guest is Self-Provisioned
The guest logs on to the Network Access Server (NAS) Device that provides network access to users, such as a wireless access point, network switch, or dial-in terminal server. When a user connects to the NAS device, a RADIUS user authentication request (Access-Request) is generated by the NAS. (NAS Network Access Server. Device (such as a wireless access point, network switch, or dial-in terminal server) that provides network access to users. When a user connects to the NAS device, a RADIUS user authentication request (Access-Request) is generated by the NAS.), which captures the guest and redirects them to a captive portal Web page requiring users to authenticate and sign in before connecting to a public network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. ClearPass supports the creation of a captive portal policy for use as a downloadable role enforcement profile for supported device types. login page. From the login page, guests without an account can browse to the self-registration page, where the guest creates a new account. At the conclusion of the registration process, the guest is automatically redirected to the NAS to log in.
The guest can print or download a receipt, or have the receipt information delivered by SMS Short Message System; a method for delivering short messages (up to 140 characters) to mobile phones. or email.
The NAS performs authentication Verification of a user’s credentials. Typically accomplished with a username and password, a one-time token, or a digital signature. and authorization Controls the type of access an authenticated user is permitted to have based on the user's authentication type. for the guest in ClearPass Guest. After authorization, the guest is able to access the network.
See Customizing Self-Registration for details on creating and managing self-registration pages.
Was this information helpful?
Great! Thanks for the feedback
Sorry about that! How can we improve it? Send your comments and suggestions!