07-20-2015 03:20 PM
Thank you in advance, my google-fu is lacking... We've got two Aruba 7210 controllers and ClearPass, and everything works OK for user auth for our 802.1x SSID... The problem comes in when we want to say, "allow THIS iPad on the wifi but not this other one." We have iPads, Android phones, iPhones, Windows laptops, TI-82 calculators (jk), etc., but we do not currently have an MDM solution to easily put certs, etc. on these devices. Our ClearPass endpoint database is filling up with tons of devices, and I see where you can mark them "known" or "unknown", but I don't see how to give the user/device a different role based on the device they are on. Also, can we do anything with "device profiling" so it is a little more secure than just MAC address authentication only? Hope that makes sense, thanks.
07-20-2015 03:22 PM
07-20-2015 03:27 PM
The company I work for would buy a bunch of devices (iPads, Android phones, etc.) and we would only want these phones to get on the corp network, so like get the "corp" role... but if the same user signed on with their personal iPad they should only get the guest role... Hope that makes sense, thanks.
07-20-2015 03:29 PM
07-20-2015 03:31 PM
OK, thanks. Yes, I was trying to avoid certs for now due to the myriad different devices, but is there a way to also use the ClearPass "profiler" so that someone couldn't spoof an Android MAC address on their Windows laptop? So for example, only allow this MAC address on if the device fingerprint matches what is in the ClearPass endpoint DB (Android OS, version, etc.).
07-20-2015 03:35 PM
Profile conflicts really come into play when a device category changes. Like "Computer" becoming a "Printer".
Certs really are the only secure, reliable way.
07-20-2015 03:41 PM