Security

Reply
Contributor I
Posts: 90
Registered: ‎08-03-2009

PSK Provisioning for BYOD enviornment ( BYOD Unsupported Devices )

We have an ongoing clearpass byod deployment, How do we handle the unsupported devices like a old nokia mobile which is running symbion etc. What are the options/ best methods ?

 

I have seen provisioning a device with psk authentication in the clearpass demo( clearpass.arubademo.net) How do we implement that ?

 

Aruba
Posts: 1,542
Registered: ‎06-12-2012

Re: PSK Provisioning for BYOD enviornment ( BYOD Unsupported Devices )

The most common practice I have seen is that the company would have a separate SSID that has a PSK but also is MAC auth and profiler. That way if the key was broken you still are MAC auth the device along with profiler to make sure the device is what its saying. 

 

I guess it all comes down to do you want some kind of encryption on the wireless connection...

 

Again you are still stuck with a 3 SSIDs (Guest, BYOD, PSK) but it is a lot less than what some have out there. :)

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Contributor I
Posts: 90
Registered: ‎08-03-2009

Re: PSK Provisioning for BYOD enviornment ( BYOD Unsupported Devices )

Thanks Troy, Few more clarifications 

 

How do we provision the PSK key to the client by using device provisioning,  The use case we are trying to know is below.

 

an employee who has a old nokia phone connects to the BYOD ssid , He has the AD credentials , profiling will detect it as a smart device and forwards to the  device provisioning page where it comes out that it is not a supported device.

 

Instead of that can we get him provisioned with a psk  ?  and alow him to get connected to the wifi, Instead of saying unsupported device can we foward him to a psk provisioning page..or some thing similar to that.

 

I know nokia simbion device is not supported for byod , but can we provision him with a psk profile.

 

Aji N C

Aruba
Posts: 1,542
Registered: ‎06-12-2012

Re: PSK Provisioning for BYOD enviornment ( BYOD Unsupported Devices )


wifiabcd wrote:

Thanks Troy, Few more clarifications 

 

How do we provision the PSK key to the client by using device provisioning,  The use case we are trying to know is below.

 

an employee who has a old nokia phone connects to the BYOD ssid , He has the AD credentials , profiling will detect it as a smart device and forwards to the  device provisioning page where it comes out that it is not a supported device.

 

Instead of that can we get him provisioned with a psk  ?  and alow him to get connected to the wifi, Instead of saying unsupported device can we foward him to a psk provisioning page..or some thing similar to that.

 

I know nokia simbion device is not supported for byod , but can we provision him with a psk profile.

 

Aji N C


If these devices are just Personal BYOD then my recomendation would be to just have them connect to the guest network and you could give them a different roll that would grant better bandwidth, maybe a longer caching time so they dont have to constantly put in their credientials. 

 

Or what I would use is Quick Connect instead of OnBoarding. Quick connect is the same as onboarding except it will not provision a device cert. on the fly It will only set the wireless settings and push out the server certs to be trusted. You can set up profile to push down only a PSK SSID. 

 

As of today we support

 

Android

MacOSX

iOS

Windows

 

screenshot_14 Feb. 08 01.19.gif

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: