We are very new to ClearPass. We know that it will do a ton, but to start this is really all we want it to do... All advice is appreciated.
We have a network for staff-owned mobile devices. Right now, they bring us their new toy and we enter the MAC address in an internal db on the Aruba controller. Simple, but time consuming.
What we want ClearPass to do is this.
User brings device on campus --> Attempts to join the staffmobile network (currently connected via RADIUS 802.1x, i.e. they get prompted for AD credentials and get a certificate delivered to them once their device MAC has been added by us manually).
We want them to be prompted for a screen pop upon attempting to join the staffmobile network where they have the opportunity to add their device, after authenticating to AD via the ClearPass portal. Once the device is added, they are good to go.
Right now this is what is happening... User connects device to staffmobile --> prompted for username and password --> get the certificate pushed and they accept. --> They get an IP, but can't browse anything --> No screen pops, but if they eventually try to use a browser on the device, it redirects them to the ClearPass guest "Operator Login" screen. --> They have to enter their AD credentials AGAIN...and log in. At this point they can register the device.
It seems like this is harder than it needs to be. What are we doing wrong here? Does the network still need to be 802.1x if we are doing MAC addr authentication? Would an open network cause the devices to screen pop automatically?
And even then, we don't know how to customize the screens. Ugh. So much stuff to learn. Powerful, but not easy.
Thanks for any help you can provide.
EDIT (I guess this means we are using the MacTrac functionality, although I can't honestly tell how to determine that vs. regular guest access)