Security

Reply

Onboarding IOS Devices with Single SSID

Hi All,

 

I've got clearpass configured to onbaord IOS devices using a single SSID.This works fine but what I'd like to happen is at the endof the onbaording process for the iPad to be in the correct role.

 

I'm sure I can do this with a RADIUS CoA right?

 

Cheers

James

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.

Re: Onboarding IOS Devices with Single SSID

Nevermind, I think I've got it.

I'll just add a CoA to my byod role on the Onboard Authorisation service.

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Aruba

Re: Onboarding IOS Devices with Single SSID

James,

 

Make sure in your controller you enable the add switch ip. If that is not checked then the auto reconnect or the connect button will not show up. You should not have to set a bounce for IOS devices.

 

 

 

screenshot_13 Oct. 11 00.28.gif

 

 

screenshot_14 Oct. 11 00.38.gif

 

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
MVP

Re: Onboarding IOS Devices with Single SSID

As tarnold says, you do not need to configure the coa manualy anywhere. It is 'hardcoded' in the process.

You do need to make sure however that your coa is received correctly on your controllers.

 

Check this with the following commend: show aaa rfc-3576-server statistics.

 

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Occasional Contributor II

Re: Onboarding IOS Devices with Single SSID

Hi,

 

I'm looking to do the same sort of configuration, I have CP working for provisioning but I can't see to get the two roles working depending on if you join the SSID via AD credentials or join the same SSID with TLS and a provisioned cert.

 

Effectivitly AD auth -> provisioning role and redirect to CP device enrollment page

EAP-TLS -> auth certificate -> full access role

 

Is there a guide I can follow?

 

 

Aruba

Re: Onboarding IOS Devices with Single SSID

https://ase.arubanetworks.com/solutions/id/34
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: