Clearpass tablets smartphones and company devices rules

Hello

I got a requirement from a company, which wants the following:

 

If the computer is on Active Directory, he has a role which can access everything.

If the user has a tablet with Android or a smartphone, with his AD user and password he just gets internet.

 

I know how to do this, but my issue is the following: I know how to do it by operating system...

If it is Android or iOS, well, just the role of just internet.

If it's Windows, then allow it to the internal network.

 

But then if it comes with a Windows 8 tablet or Windows 7 tablet, a personal one, then he will have access.


How can I do that, so that just the laptops that are on Active Directory are the ones that can have access to the internal network...

And if the client brings a computer, a personal one that is Windows 7, he does not have access, maybe just access to the internet...

 

I think it can be done, but what parameters should I use on the service so it can be done correctly?

 

Thanks

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp

Re: Clearpass tablets smartphones and company devices rules

 

You can definitely do this.

 

We are currently doing something similar, where we match an AD group in combination with the device type and place it in a Role/VLAN on the controller, and we are still using the same SSID/ClearPass service.

 

You can use a combination of this:

http://community.arubanetworks.com/t5/ClearPass-formerly-known-as/CPPM-RADIUS-Authenticatiion/m-p/87764#M2875

 

With this:

 

ClearPass Policy Manager - Aruba Networks_2013-07-31_15-26-22.png

 

And you can create a role mapping matching the Win 7 or Win 8 devices, and you can place these in different roles in the controller.

 

ClearPass Policy Manager - Aruba Networks_2013-07-31_15-31-23.png

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA

Re: Clearpass tablets smartphones and company devices rules

On top of the AOS device type, you can also reference the ClearPass endpoint profiling data:

 

endpoint db.png

 

You could also do machine authentication which can authenticate the computer against AD instead of or along with the user.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: Clearpass tablets smartphones and company devices rules

If you are talking only Domain Computers having full access, then you can use the [Machine Authenticated] attribute.  Since personal devices are most likely not going to be joined to the domain, that would eliminate them as [Machine Authenticated] right off the bat without any worry about ensuring that the device has been profiled.

--
Jeremy R. Wirtz
WLAN Systems Engineer
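
The rule logic this thread arrives at, as an added example that is not part of any post above and is not ClearPass configuration: a small Python model of first-match role mapping, comparing the OS-only approach from the question with the machine-authentication approach from the replies. The role names `internal` and `internet-only`, the session fields and the sample sessions are constructed for illustration.

```python
# Added illustration: a first-match role-mapping model, NOT ClearPass syntax.
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    label: str
    os_family: str               # profiler result; "Unknown" if not yet profiled
    user_in_ad: bool             # user name/password validated against AD
    machine_authenticated: bool  # computer account authenticated against AD

def map_role(session, rules, default="deny"):
    """Return the role of the first rule whose condition matches."""
    for condition, role in rules:
        if condition(session):
            return role
    return default

# Approach from the question: decide by operating system only.
OS_ONLY = [
    (lambda s: s.user_in_ad and s.os_family == "Windows", "internal"),
    (lambda s: s.user_in_ad, "internet-only"),
]

# Approach from the replies: only a machine-authenticated computer gets in.
MACHINE_AUTH = [
    (lambda s: s.machine_authenticated, "internal"),
    (lambda s: s.user_in_ad, "internet-only"),
]

# Constructed sample sessions (hypothetical devices, not from the thread).
SESSIONS = [
    Session("domain laptop", "Windows", True, True),
    Session("domain laptop, not yet profiled", "Unknown", True, True),
    Session("personal Windows 7 tablet", "Windows", True, False),
    Session("Android phone", "Android", True, False),
    Session("device without AD credentials", "Windows", False, False),
]

def compare(sessions=SESSIONS):
    """Map each session label to (role under OS_ONLY, role under MACHINE_AUTH)."""
    return {s.label: (map_role(s, OS_ONLY), map_role(s, MACHINE_AUTH))
            for s in sessions}

if __name__ == "__main__":
    for label, (by_os, by_machine) in compare().items():
        print(f"{label:34} os-only={by_os:14} machine-auth={by_machine}")
```

The personal Windows 7 tablet is the case that separates the two policies, and the unprofiled domain laptop shows that the machine-authentication rule does not depend on the device having been profiled.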