Hello, thank you in advance... I'm in over my head here. We have two Aruba 7210 controllers (master/local) plus one ClearPass VM with only the following ClearPass licenses:
We have a wifi SSID set up with WPA2-AES and 802.1x, and users sign on to the wifi SSID using their Active Directory username and password. It works OK. We also have Windows Active Directory computers signing on to the wifi and authenticating as a computer, and that seems to work OK. The problem is how do we do this same type of machine authentication for Android, iPhone, Apple and other devices? I know we could do MAC address authentication but I'm trying to avoid that. Basically what we are trying to accomplish is this:
- If userA signs on to the wifi while on a managed, company-owned device then they get this "corp" role.
- If userA signs on to the wifi while on their personal device they get a "guest" role.
I'm not sure how to enforce machine authentication on non-Windows devices. I also noticed my Android phone doesn't even attempt machine authentication, only user. So it further muddies the water. I looked into EAP-TLS and putting certs on the devices, but there's a deluge of info out there and not so many real-world tutorials on how to set this up using Active Directory, ClearPass and Aruba controllers. Any help would be appreciated, thanks.
#7210