Occasional Contributor II
Posts: 51
Registered: ‎12-16-2014

Designated Devices Get an Exclusive Role - Clearpass, Controllers, Certs....

Hello, thank you in advance... I'm in over my head here. We have two Aruba 7210 controllers (master/local) plus one ClearPass VM with only the following ClearPass licenses:

[Image: clearpasslicenses.PNG]

We have a wifi SSID set up with WPA2-AES and 802.1X, and users sign on to the wifi SSID using their Active Directory username and password. It works ok. We also have Windows Active Directory computers signing on to the wifi and authenticating as a computer, and that seems to work ok. The problem is how do we do this same type of machine authentication for Android, iPhone, Apple and other devices? I know we could do MAC address authentication but I'm trying to avoid that. Basically what we are trying to accomplish is this:

  • If userA signs on to the wifi while on a managed, company-owned device then they get this "corp" role.
  • If userA signs on to the wifi while on their personal device they get a "guest" role.

I'm not sure how to enforce machine authentication on non-Windows devices. I also noticed my Android phone doesn't even attempt machine authentication, only user. So it further muddies the water. I looked into EAP-TLS and putting certs on the devices, but there's a deluge of info out there and not so many real-world tutorials of how to set this up using Active Directory, ClearPass and Aruba controllers. Any help would be appreciated, thanks.

Guru Elite
Posts: 8,188
Registered: ‎09-08-2010

Re: Designated Devices Get an Exclusive Role - Clearpass, Controllers, Certs....

Are you working with an Aruba ClearPass partner? This is a pretty involved configuration.

Only Windows machines joined to a domain can machine auth (although there are some workarounds for Mac OS).



Thanks,
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 51
Registered: ‎12-16-2014

Re: Designated Devices Get an Exclusive Role - Clearpass, Controllers, Certs....

We bought all our Aruba gear (a ton!) from CDW... I'm thinking we may need to hire them or something... thanks.

Guru Elite
Posts: 8,188
Registered: ‎09-08-2010

Re: Designated Devices Get an Exclusive Role - Clearpass, Controllers, Certs....

If you are not familiar with ClearPass, it would be best to work with a partner. There are a lot of design discussions that need to happen prior to setting all of this up.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP