I have Clearpass as well as mobility controllers with 350 AP's. Is there a easy way to disable devices from connecting to the wifi? we have AD policies requiring users to change their password every 90 days.. they forget to change their wifi password on their smart device (BB, Android, iPhone) and their account gets locked out and someone from the service desk needs to unlock. Clearpass gave us the ability to find the source of the lockout but still cumbersome. Can I revoke this globally?
Also if you are running aruba controllers you can enable the blacklist for failed auths
For example: you can blacklist anyone that failed authentication 4 times so if your AD has a 5 failed auth limit they will not lock up the AD account.
yes, I have aruba controllers... once the client fails auth 4 times.. it will not allow them to connect? does it blacklist it for good? because once they fix their password issue, I want them to connect again.
I enabled this, however, lockout clients are are still attempting to connect. is there something else that needs to be enabled?
Do you have station blacklisting enabled in your virtual-ap?
yes
does anything need to be enabled here?
i don't believe so. is it still not working? have you tested it yourself to see if you get on the blacklist?
Yes, I have this working.. works great.. just enabled it on the controller with a timer.
The problem with onboarding is that they are already company provisioned devices (MDM = Airwatch)..also Blackberry is not supported and I would have to create a separate SSID for mobile devices because we have company laptops connecting already. I dont want cert based auth for laptops.
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.