As one part of a simple ClearPass solution I'm trying to implement, my customer is requesting a "BYOD" SSID that will allow any unknown devices to connect, given proper AD credentials. However:
- laptops must also pass the OnGuard java applet checks (no problem)
- iPads must be allowed on the same SSID (?)
I know this could be taken care of using the Onboard solution but the customer does not want Onboard or Profile. I need to find a method to differentiate the access requests coming from iPads so they can bypass the applet as it is not supported by iOS. One idea I wanted to try was to just allow access if the authentication method was EAP-TLS. What I've read so far tells me that this would require TLS certificate provisioning on the iPad prior to authentication. Is there a more simple solution I'm missing for the CPPM to just recognize an iPad sourced request?