Security

Reply
Regular Contributor I
Posts: 184
Registered: ‎03-22-2013

Possible to connect ipads to dot1x network without onboarding?

[ Edited ]

We have found onboarding to be great for byod, but throws up a few challenges with regards to coporate issued ipads.  Ive been asked if theres a why to mass connect IOS devices to the corp dot1x wifi, without the onboarding process?  

 

We ant to treat corp issued ipads different to byod, and want to be able to connect lots of them without having to individually onboard them.. is this possible with/without CP?  I know it sort of defeatd the point of having CP, but ive been asked!

 

 

Guru Elite
Posts: 8,169
Registered: ‎09-08-2010

Re: Possible to connect ipads to dot1x network without onboarding?

You could use EAP-PEAP (username/password) or if you're managing them via
MDM, the MDM can issue certs on behalf of ClearPass.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
New Contributor
Posts: 4
Registered: ‎04-19-2016

Re: Possible to connect ipads to dot1x network without onboarding?

You could go with EAP-PEAP as outer method and MSCHAP-V2 as a inner method. 

Regular Contributor I
Posts: 178
Registered: ‎10-20-2010

Re: Possible to connect ipads to dot1x network without onboarding?

We did this for awhile but switched to onboarding and certificates.  If you go the methods above and have the users authenticate to an AD server be aware when their passwords expire the user will likely forget to update the password on these devices and the AD account will get locked.

 

What are the challenges with the corporate devices?  Maybe someone has some solutions for you.

Search Airheads
Showing results for 
Search instead for 
Did you mean: