04-08-2014 01:57 PM
I'm very new to Aruba and enterprise wifi, as a whole. I've searched the boards and found a couple posts, but the information doesn't seem to match what we have going here.
We are a smallish private liberal arts college. (Enrollment about 1300) Right now, I have a network running that is secure with 802.1x authentication against our Domain Controllers.
I have a guest network that has captive portal with email registration.
We are running Aruba 7220 controllers, a mix of 105 and 135 APs, and ClearPass with ClearPass Guest. We also use AirWave for monitoring.
I am looking to set up a 3rd SSID to handle "dumb" devices. This would include Chromecast devices, wireless webcams and video game consoles. Is it best to put that traffic on its own SSID, or use roles to lump that in on the Guest? If the latter, does anyone have any guidance they can point me towards on how to modify my existing rules to allow that? If the prior, is it just setting up another SSID in my controller?
04-08-2014 01:59 PM - edited 04-08-2014 01:59 PM
You would use an existing open or PSK network. A separate SSID is not necessary. ClearPass guest has a "Guest Device" (MACTrac) feature which allows you to manually register devices that are not 802.1X or browser capable. When those devices authenticate to the network via MAC-Auth, they bypass the captive portal and are assigned the appropriate role.
04-08-2014 01:59 PM
But I've also come across where it was stated that current best practice is not leveraging more than 2 networks?
04-08-2014 02:01 PM
You should design your networks based on encryption type/authentication type. (WPA2-Enterprise 802.1X, WPA2-PSK, open)
All of the other magic can be done on the backend in ClearPass.
04-08-2014 02:32 PM
It simply returns the user role "GAME-CONSOLE" to the controller. You can then create firewall rules in that role on the controller (or the controller can download them from ClearPass)