Security

Reply
Occasional Contributor I
Posts: 6
Registered: ‎12-02-2013

How to prevent onboarded user devices to connect to onborading SSID

Hello,

 

After having been onboarded, from time to time users get automatically connected back to the onboarding (open) SSID and have to manually reconnect their device (IOS or Android) to the protected SSID. Is there a way to prevent that ?

 

ArubaOS 6.4.2.2

CPPM 6.4.0.66263

 

Many thanks in advance,

 

Jan

Guru Elite
Posts: 8,000
Registered: ‎09-08-2010

Re: How to prevent onboarded user devices to connect to onborading SSID

You can assign a role or stop them from getting an IP but unfortunately there is nothing to stop the client from associating as its a client decision.

Sent from Nine<>

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
MVP
Posts: 366
Registered: ‎01-14-2010

Re: How to prevent onboarded user devices to connect to onborading SSID

Hi JSkrivervik,

 

I've seen this before as well. What are you using to make a decision on what's a BYOD device? It might be worthwile to have a line that says EAP-TLS connections are given a specific BYOD user role. Like Tim mentioned, if the user is not presenting an EAP-TLS connection to Clearpass, it's on the client. But, if you're differentiating traffic based on an iOS, Android, etc., you may want to look at Access Tracker and see if that is coming up as the right device type. I saw this once with a customer and there was an issue with DHCP relaying and Clearpass wasn't profiling the device correctly.

 

Hope it helps!

 

-Mike

Occasional Contributor I
Posts: 6
Registered: ‎12-02-2013

Re: How to prevent onboarded user devices to connect to onborading SSID

OK, many thanks to both of you for your input.

 

Jan

Search Airheads
Showing results for 
Search instead for 
Did you mean: