Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Onboard - Sponsorship only for certain device types.

This thread has been viewed 0 times

  • 1.  Onboard - Sponsorship only for certain device types.

    EMPLOYEE
    Posted Sep 24, 2015 06:47 AM

    Don't think this is possible, but will ask the question anyway.

     

    Customer want the onboarding process to have a sponsorship approval, but only for Windows devices like laptops.  Other Android and iPhone etc will proceed without the need for approval.

     

    Is it possible?



  • 2.  RE: Onboard - Sponsorship only for certain device types.

    EMPLOYEE
    Posted Sep 24, 2015 06:58 AM
    I think this would be an RFE. It's all or nothing today. 

    One workaround would be to use the ClearPass and controller device profiles to assign a different provisioning profile. One that has sponsorship enabled and one without. 


    Thanks, 
    Tim


  • 3.  RE: Onboard - Sponsorship only for certain device types.

    EMPLOYEE
    Posted Sep 24, 2015 07:25 AM

    Yeah, that's exactly what I started thinking after I posted.  It does rely on the device being profiled first though.

     

    We are using a link in the guest page to redirect to the onboard portal.  Could maybe put another link in there that redirects to a different provisioning profile.  That should work.



  • 4.  RE: Onboard - Sponsorship only for certain device types.

    EMPLOYEE
    Posted Sep 24, 2015 07:27 AM
    For stuff like this, I tend to use the Aruba-Device-Type VSA from the RADIUS
    request along with the ClearPass profile data.


  • 5.  RE: Onboard - Sponsorship only for certain device types.

    EMPLOYEE
    Posted Sep 24, 2015 07:29 AM

    That's awesome.  I've never used that attribute.

     

    :-)



  • 6.  RE: Onboard - Sponsorship only for certain device types.

    EMPLOYEE
    Posted Sep 24, 2015 07:57 AM

    Interestingly, when sponsorship enabled, there is nowhere to put in the sponsor_email in the portal page.

     



  • 7.  RE: Onboard - Sponsorship only for certain device types.

    EMPLOYEE
    Posted Sep 24, 2015 08:03 AM

    Michael_Clarke,

     

    Which portal page?  sponsor_email is a field that can be added to the page or hardcoded.  It is not something that happens automatically.

     



  • 8.  RE: Onboard - Sponsorship only for certain device types.

    EMPLOYEE
    Posted Sep 24, 2015 08:08 AM

    The 'Register you device' page.  I thought that enabling sponsorship would add a place for them to put the sponsor_email.  I can hard code it though which is probably better.