Captive Portal & Identifying Guests?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Captive Portal & Identifying Guests?

L1 Bithead

Hello,

We have a guest network with a constant rotation of mobile phone users. Is there a way to collect some information about who these devices belong to, such as forcing the user to enter their e-mail or company name? Perhaps using the Captive portal? We need some way of identifying unauthenticated users.

2 REPLIES 2

L4 Transporter

Captive portal would require successful authentication which means accounts have to exist somewhere. I don't know of any off the shelf solutions that you can plug in (there may very well be one), but you could probably fairly 'easily' create some sort of homebrew solution such as a registration service (that you could link to from the captive portal page) that could accept the mobile number as an input (and whatever else) and possibly even tie integration into an SMS service such as nexmo so the user would receive a one time code to validate the number, then create a temporary account in a database and use that to authenticate against Palo Alto via LDAP or whatever.

 

that's what immediately comes to mind, though what usually comes to my mind immediately is often overlooking an even more simple approach.

 

ETA: If you went with the SMS approach, you could probably even have the backend script automatically update PA's UserID via the XML API directly, then redirect back to the internet where hopefully PA has the user already identified.

 

If the user has javascript enabled, you could probably avoid the captive portal page altogether by simply setting the window location url directly and redirect to the custom script without user intervention.

--
CCNA Security, PCNSE7

L4 Transporter

Hi,

 

Do you have an enterprise wifi? At my work, we started feeding ip address/username associations from Clearpass (Aruba Networks wifi) to our firewalls and it is so much better than having to dig through authentication logs to find out who did what.

 

Benjamin

  • 3180 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!