Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

wifi internet access to guest users and full access to access to domain users

SOLVED
Go to solution
ehteshamali_
New Contributor
‎08-27-2012 10:54:AM
‎08-27-2012 10:54:AM

wifi internet access to guest users and full access to access to domain users

Hi all ,

 

we are using SBR appliance version 5.4 , and want to implement the following policy ...

 

When users laptop is joined to a domain then he has internet +LAN access . else if it is non-domain laptop (guest) , we want to restrict his only to inernet .

 

iam not sure how to change eap.ine file to reflect  above policy ...

 

Any thoughts on using which EAP flavor and also EAP.ine  changes..as well.

0 Kudos
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
kalagesan_
Super Contributor
‎08-27-2012 08:25:PM
‎08-27-2012 08:25:PM

Re: wifi internet access to guest users and full access to access to domain users

Hi,

I understand that you are using SBR appliance version 5.4.

You requirement is, "When users laptop is joined to a domain then he has internet +LAN access .
if it is non-domain laptop (guest),we want to restrict his only to inernet .


The eap.ini configuration file configures only the sequence in which EAP authentication types are tried when authenticating users by means of the different Steel-Belted Radius authentication methods.You need to select the authentication methods as windows domain user first followed by Native user in order of methods under Authentication policies

in SBR admin GUI.


You can configure a profile that is to be used to select attributes
sent back on an Access-Accept.Create 2 profiles one for domain and other guest user.Map the profile appropriately with domain and native user

and native user.

The Profiles configuration in SBR lets you define sets of checklist and return list
attributes.You need map these attributes in your switch appropriately to assign the VLAN based
on the return attributes for .1x authentication.


Hope this clarifies your query.

NOTE:
Please mark this post as 'accepted solution' if this answers your question that way it might help others as well, a kudo would be a bonus thanks!!

Regards,
Kannan.

 

View solution in original post

0 Kudos
Reply
3 REPLIES 3
kalagesan_
Super Contributor
‎08-27-2012 08:25:PM
‎08-27-2012 08:25:PM

Re: wifi internet access to guest users and full access to access to domain users

Hi,

I understand that you are using SBR appliance version 5.4.

You requirement is, "When users laptop is joined to a domain then he has internet +LAN access .
if it is non-domain laptop (guest),we want to restrict his only to inernet .


The eap.ini configuration file configures only the sequence in which EAP authentication types are tried when authenticating users by means of the different Steel-Belted Radius authentication methods.You need to select the authentication methods as windows domain user first followed by Native user in order of methods under Authentication policies

in SBR admin GUI.


You can configure a profile that is to be used to select attributes
sent back on an Access-Accept.Create 2 profiles one for domain and other guest user.Map the profile appropriately with domain and native user

and native user.

The Profiles configuration in SBR lets you define sets of checklist and return list
attributes.You need map these attributes in your switch appropriately to assign the VLAN based
on the return attributes for .1x authentication.


Hope this clarifies your query.

NOTE:
Please mark this post as 'accepted solution' if this answers your question that way it might help others as well, a kudo would be a bonus thanks!!

Regards,
Kannan.

 

0 Kudos
Reply
ehteshamali_
New Contributor
‎08-28-2012 09:52:AM
‎08-28-2012 09:52:AM

Re: wifi internet access to guest users and full access to access to domain users

Hi Kannan ,

 

Very informative response. i guess i need to set up in the following way.

 

1) For guest users with non -domain & unupdated anitvirus , etc i need t  create a " Native user" and when authentication is accepted , it must return a profile to Aruba controller that allows only "internet" access ie filtering access to private space.

 

2) For doamin conntected users with valid certificates , when authenticated should reply with such attributes that gives full access to LAN such as file shares , pirnters + internet .

 

please confirm my undertstanding

0 Kudos
Reply
kalagesan_
Super Contributor
‎08-28-2012 09:57:PM
‎08-28-2012 09:57:PM

Re: wifi internet access to guest users and full access to access to domain users

Hi,

 

Yes your understanding is correct.

 

NOTE:
Please mark the post as 'accepted solution' if this answers your question that way it might help others as well, a kudo would be a bonus thanks!!

 

Regards,

Kannan

0 Kudos
Reply
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.