AAA, NAC, Guest Access & BYOD

How to provide differenet configuration profile based on the device type during OnBoard
Requirement:

We might need to push different configuration profile for users based on the device type while OnBoarding

For example iOS devices need to have a Passcode Policy but not for MAC OS X.

 



Solution:

We can achieve this by pushing different configuration profiles during Application Authorization request based on the Device-Name, we can send a ClearPass:Configuration-Profile-ID attribute in Enforcement Profile.



Configuration:

Configure a Passcode Policy under Onboard » Configuration » iOS Settings

 

Now we need to map the above configured iOS setting to the Configuration profile. Create a new Configuration profile for iOS devices and map the passcode policy as below

 

We will have the Default configuration profile that has only Networks and another Configuration profile and iOS configuration profile that has Networks and Passcode Policy.

We will have the Default configuration profile in the Provisioning settings as all devices except iOS devices will get that profile.

In Policy Manager we ned to create an Enforcement profile for iOS devices.

 

When we edit the configuration profile, it will show the id in the URL as below

 

The Enforcement policy conditions should be as below

 

 

 



Verification

The following iOS device gets a different Enforcement profile that satisfied the above Enforcement policy conditions

Version History
Revision #:
2 of 2
Last update:
‎03-17-2017 04:37 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.