Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Authenticated 3 categories of devices with clearpass on one SSID

  • 1.  Authenticated 3 categories of devices with clearpass on one SSID

    Posted Nov 03, 2017 05:21 AM

    Hello,

    We have a customer who needs to return a specific role for the following devices:

    - devices in AD
    - devices in AirWatch
    - other devices

    How can we do that with 1 SSID? Actually they use Forescout and virtual firewalling to do that.
    With an Aruba controller and ClearPass we need to use the Aruba role returned by ClearPass.
    - 802.1x: If we use 802.1x we will have a problem with "other devices" because we don't know these devices and we can't properly set up a Wi-Fi profile.
    - MAC authentication: Maybe it is possible to cheat with MAC authentication. Force the client to go through ClearPass, but is it possible to have mac-auth always true (maybe with a time source or another authentication source)?
    - Captive portal: Needs a licence and it needs to be transparent (use auto login)

    What do you think? Do you have any ideas?

    Thanks for your help



  • 2.  RE: Authenticated 3 categories of devices with clearpass on one SSID
    Best Answer

    EMPLOYEE
    Posted Nov 04, 2017 09:13 AM

    You will need more than one SSID. If a device cannot use 802.1x, you probably need to set up a second SSID that uses WPA2-PSK for those devices.

    You will then possibly need to layer MAC authentication on top of that with ClearPass to whatever database you have.