11-03-2017 02:21 AM
We have a customer who need to return specific role following devices :
- devices in AD
- devices in Airwatch
- others devices
How we can do that with 1 SSID ? Actualy they use forescout and virtual firewalling to do that.
With Aruba controller and clearpass we need to use aruba role returned by clearpass.
- 802.1x : If we use 802.1x we will have problem with "others devices" because we don't know these devices and we can't setup properly wifi profile.
- Mac-authentification : Maybe is possible to cheat with mac-authentification. Force client to pass go throught clearpass but is it possible to have mac-auth always true (maybe with time source or other authentification source)?
- Captive portal : Need licence and it needs to be transparent (use auto login)
What do you think ? have you any ideas ?
Thanks for your help
Solved! Go to Solution.
11-04-2017 06:13 AM
You will need more than one SSID. If a device cannot use 802.1x, you need to probably setup a second SSID that uses WPA2-PSK for those devices.
You will then need to possibly layer mac authentication on top of that with clearpass to whatever database you have.
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.