Security

Reply
Contributor I
Posts: 64
Registered: ‎06-07-2014

CPPM onboard query!

Hi all,

 

In cppm i can create policy that if a user brings in his Company owned laptop which happens to be windows laptop, enforce a certain policy. What if a user brings another laptop which is not company owned laptop but again is windows based?

 

What my requirement is that a user should only be allowed to onboard company owned windows laptop and not any other windows laptop? How can we achive this by CPPM without any mac based enforcement(as mac can be easily spoofed).

 

Thanks.

Guru Elite
Posts: 20,017
Registered: ‎03-29-2007

Re: CPPM onboard query!

You can configure company-based laptops to perform machine authentication, and that problem goes away.  Non-company laptops cannot successfuly machine authenticate.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Regular Contributor II
Posts: 223
Registered: ‎10-29-2014

Re: CPPM onboard query!

You can do that by Enabling machine authentication, so clearpass will allow access for domain laptop/desktop only.

HTH
Cheers
SumaN
Guru Elite
Posts: 7,869
Registered: ‎09-08-2010

Re: CPPM onboard query!

Why not push out certificates via Group Policy? This way you know it is absolutely corporate owned?

Onboard is really designed for BYOD.


Thanks,
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor I
Posts: 64
Registered: ‎06-07-2014

Re: CPPM onboard query!

[ Edited ]

Hi colin..thanks for your reply.

 

Can you please help me where I can enable this setting(enable machine auth) in CPPM.

Guru Elite
Posts: 7,869
Registered: ‎09-08-2010

Re: CPPM onboard query!

Machine authentication is a client side configuration. There are some considerations when using machine auth for something like this. Are you working with an Aruba or partner engineer?


Thanks,
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor I
Posts: 64
Registered: ‎06-07-2014

Re: CPPM onboard query!

Hi Suman, thanks a lot for your reply....the manual creation on SSID profile in end client devices, can we push this configuration from AD to all the end clients or we need to manually create this on each and every device? if yes I would really appreciate if you can help me with the steps for the same.thanks

Regular Contributor II
Posts: 223
Registered: ‎10-29-2014

Re: CPPM onboard query!

Guru Elite
Posts: 7,869
Registered: ‎09-08-2010

Re: CPPM onboard query!

If you have group policy control over these devices, why not push
certificates down directly instead of going through the Onboard process?

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Search Airheads
Showing results for 
Search instead for 
Did you mean: