Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Onboard Use only the certificate for authentication

  • 1.  Onboard Use only the certificate for authentication

    Posted Sep 17, 2015 06:31 AM

    Hi,

    I have configured authentication for internal clients with Active Directory credentials.

    My customer has a policy to change user passwords every 3 months.

    For Windows PCs there isn't an issue, but for mobile devices there is.

    The mobile devices store the old credentials, and their connection attempts cause the account to lock.

    So the idea is to use a certificate for device authentication.

    Can you help me understand how I can do it?

    With Onboard? In this case, are the Active Directory credentials needed?

    With an external CA?

     

    Thanks in advance



  • 2.  RE: Onboard Use only the certificate for authentication

    EMPLOYEE
    Posted Sep 17, 2015 07:18 AM
    For mobile devices, you should look at using Onboard as it's the quickest, most user-friendly way for end users.


    Thanks, 
    Tim


  • 3.  RE: Onboard Use only the certificate for authentication
    Best Answer

    Posted Sep 17, 2015 07:19 AM

    You can use ClearPass Onboarding, and CPPM will act as the CA to hand out a unique cert to each client.

    During the onboarding process, each device will install the necessary certs to do EAP-TLS authentication.

    This is the way you could have it:

    - Use your existing 802.1X PEAP authentication / ClearPass service to redirect devices (SmartDevices) to do the onboarding process.

    - Once the device has completed the onboarding process, it will reauth, but this time it will be using EAP-TLS.

     

    Here's the ASE solution for a single SSID:

    https://ase.arubanetworks.com/solution/id/34



  • 4.  RE: Onboard Use only the certificate for authentication

    Posted Sep 17, 2015 09:49 AM

    Thanks =)


    @victorfabian wrote:

    You can use ClearPass Onboarding, and CPPM will act as the CA to hand out a unique cert to each client.

    During the onboarding process, each device will install the necessary certs to do EAP-TLS authentication.

    This is the way you could have it:

    - Use your existing 802.1X PEAP authentication / ClearPass service to redirect devices (SmartDevices) to do the onboarding process.

    - Once the device has completed the onboarding process, it will reauth, but this time it will be using EAP-TLS.

     

    Here's the ASE solution for a single SSID:

    https://ase.arubanetworks.com/solution/id/34