Security

last person joined: 15 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Authenticating to a PSK SSID using Airgroup registration mac address

This thread has been viewed 0 times

  • 1.  Authenticating to a PSK SSID using Airgroup registration mac address

    Posted Jun 15, 2018 04:48 AM

    We're planning on creating a PSK wifi network for all those (airgroup) devices that do not support WPA2-Enterprise

     

    The initial plan was

     

    1). Have a silly PSK for the SSID ( its going to be advertised everywhere)

    2). use the API set to register client device in a static host list

    3). Auth SSID against static host list

    4). Use DHCP signatures to restrict who can connect to it ( e.g. if macOS,iOS,Windoze Linux then you should be using dot1x) 

     

    However thei can se devices will probalby want to do "airgroup stuff" so was wondering if I can kill 2 birds with one stone and have an aurthentication source use the airgroup registration details to connect devices to the SSID. 

     

    There's a [guest device repository] auth source that has lots of SQL statements in it. Could we use that to auth airgroup users to an SSID, or will the SQL need some "tweaking" ?



  • 2.  RE: Authenticating to a PSK SSID using Airgroup registration mac address

    Posted Jun 15, 2018 05:21 AM

    And the answer of course is yes you can. 

     

    Removing all auth sources apart from the guest device repository auth soruce and registering my iPhone in clearpass guest connects me to our PSK with a role *(amongst others) of [Guest] 

     

    So we can "turn the handle" and apply enforcement policies as appropriate.

     

    Simples!