11-03-2017 02:21 AM
We have a customer who need to return specific role following devices :
- devices in AD
- devices in Airwatch
- others devices
How we can do that with 1 SSID ? Actualy they use forescout and virtual firewalling to do that.
With Aruba controller and clearpass we need to use aruba role returned by clearpass.
- 802.1x : If we use 802.1x we will have problem with "others devices" because we don't know these devices and we can't setup properly wifi profile.
- Mac-authentification : Maybe is possible to cheat with mac-authentification. Force client to pass go throught clearpass but is it possible to have mac-auth always true (maybe with time source or other authentification source)?
- Captive portal : Need licence and it needs to be transparent (use auto login)
What do you think ? have you any ideas ?
Thanks for your help
Solved! Go to Solution.
11-04-2017 06:13 AM
You will need more than one SSID. If a device cannot use 802.1x, you need to probably setup a second SSID that uses WPA2-PSK for those devices.
You will then need to possibly layer mac authentication on top of that with clearpass to whatever database you have.
*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide