Security

Reply
New Contributor

Authenticated 3 categories of devices with clearpass on one SSID

Hello,

We have a customer who need to return specific role following devices :

- devices in AD
- devices in Airwatch
- others devices

How we can do that with 1 SSID ? Actualy they use forescout and virtual firewalling to do that.
With Aruba controller and clearpass we need to use aruba role returned by clearpass.
- 802.1x : If we use 802.1x we will have problem with "others devices" because we don't know these devices and we can't setup properly wifi profile.
- Mac-authentification : Maybe is possible to cheat with mac-authentification. Force client to pass go throught clearpass but is it possible to have mac-auth always true (maybe with time source or other authentification source)?
- Captive portal : Need licence and it needs to be transparent (use auto login)

What do you think ? have you any ideas ?

Thanks for your help

Guru Elite

Re: Authenticated 3 categories of devices with clearpass on one SSID

You will need more than one SSID.  If a device cannot use 802.1x, you need to probably setup a second SSID that uses WPA2-PSK for those devices.

 

You will then need to possibly layer mac authentication on top of that with clearpass to whatever database you have.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: