Security

last person joined: 12 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

CORP SSID redirect for cert carrying/onboarded devices when attempt to associate to GUEST SSID

This thread has been viewed 0 times

  • 1.  CORP SSID redirect for cert carrying/onboarded devices when attempt to associate to GUEST SSID

    Posted May 24, 2016 01:14 AM

    As per subject,

    If a device is carrying organisation certificate or CPPM OnBoard certificate and attempt to associate to a GUEST SSID (where security is less, say on Internet traffic, not behind organisation content filter, etc) can one force them to associate to CORP SSID ?



  • 2.  RE: CORP SSID redirect for cert carrying/onboarded devices when attempt to associate to GUEST SSID
    Best Answer

    EMPLOYEE
    Posted May 24, 2016 01:37 AM
    No. when a device connects to an open SSID they do not present the cert so CPPM would not know if it is a onboard cert, BUT you can add an attribute to the device when its onboarded and when they connect to the guest SSID (Mac Auth) then you can force them to a captive portal stating they are connected to the wrong SSID.

    Tim did a great how to a few years ago that is still relevant.

    http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Guide-Using-ClearPass-to-steer-users-to-secure-networks-mhc/m-p/144823


  • 3.  RE: CORP SSID redirect for cert carrying/onboarded devices when attempt to associate to GUEST SSID

    Posted May 24, 2016 01:49 AM

    Brilliant.. exactly what i'm after.  Thankyou.