Security

Reply
MVP
Posts: 3,018
Registered: ‎10-25-2011

Clearpass to identify if the devices is of the company or not

is this possible?

This client would like to identify if the device belong to the company or not and then do an action for example if the laptop is from the company give him all the privileges, if its not then no.

 

I know you can  identify user, and if the user is using a laptop and also if the same user is using a smatphone, and putting differnet roles to both of them

 

But what about if i got this situation

The company has a few company smartphones, that belong to them, and they would like to identify if the:

smartphone belong to the compnay

Who is using it

And depending on both take an action i mean if it belong to the company and its a high executive, give him all access.

If its a smartphone of the company and belong to sales, give him this access

 

if it belong to the user, and he is a high executive, give him this access

and so on.

 

Is this possible?

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite
Posts: 21,537
Registered: ‎03-29-2007

Re: Clearpass to identify if the devices is of the company or not

[ Edited ]

They can check for machine authentication for the laptops to check domain membership for windows devices. For mobile devices, they can either onboard them, or put the Mac addresses of company owned mobile devices into a static host list and then check the calling-station-Id (Mac addresses) of devices to see if they belong to that static host list.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Guru Elite
Posts: 8,774
Registered: ‎09-08-2010

Re: Clearpass to identify if the devices is of the company or not

Certificates would be the best route. You can use a different CA for corporate device.


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 3,018
Registered: ‎10-25-2011

Re: Clearpass to identify if the devices is of the company or not

Thank you guys!!

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
MVP
Posts: 3,018
Registered: ‎10-25-2011

Re: Clearpass to identify if the devices is of the company or not

Tim Question

When you say use a differnt CA for corporate

Are you suggesting of having one CA for coporate devices and one CA for non corporate devices?

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite
Posts: 8,774
Registered: ‎09-08-2010

Re: Clearpass to identify if the devices is of the company or not

Yes that's a common scenario. You could either use two different Onboard CAs or an Onboard CA for BYOD and an ADCS CA for corporate.


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: