12-10-2015 02:01 PM
Currently we are running ClearPass with mobility controllers at our branch offices. We are using PEAP for the company-owned laptops to connect. We require an Active Directory username/pass in order to connect. The problem is, personal devices are able to connect to the company wifi as long as the employee has a username/pass. We are looking for a way for the laptops to connect (cert maybe?) AND company smart devices, but not personal devices (laptop or smart device). We also don't want the employees to have to enter their creds. We have tested Airwatch/ClearPass integration and only allowed Airwatch-enrolled smart devices to connect; however, we are moving away from Airwatch so this won't work. We have also tested Onboarding, but that requires the user to enter username/pass? Is there a way for the users to conveniently connect but securely?
12-10-2015 02:02 PM
Onboarding requires an initial username and password. After that, the certificate can be used.
Aruba Customer Engineering
12-10-2015 02:02 PM
You can use machine authentication on the laptop side, which will only allow devices that authenticate with their machine account to the domain.
For mobile devices, you still need an authoritative source of what is corporate owned and what is not. Are you moving to another MDM?
12-10-2015 02:07 PM
OK, then you can manually mark the corporate devices in the endpoints repository or possibly export a list out of InTune.
12-11-2015 08:17 AM
We have come to terms and are OK with an initial prompt for username/pass, but how can we avoid AD users connecting with their personal devices? Currently, we have the provisioning profile configured for an allowed AD group.
12-11-2015 10:16 AM
corporate vs personal.
- Manual endpoint updates
- Information from MDM
- SQL connection to asset database