Security

Reply
Frequent Contributor I
Posts: 270
Registered: ‎09-24-2010

Restrict non-company issued smart devices

We use Clearpass (for RADIUS auth and Guest access) with Aruba controllers.  We use Airwatch to provision company-issued phones.  Is there anyway we can not allow "personal" devices on the network even if the person has domain creds?  We tested onboarding, however, that would require a separate SSID for laptops because the laptops connect (automatically) via machine/user auth and the computers are part of our domain.  Smart devices are not.

Guru Elite
Posts: 8,171
Registered: ‎09-08-2010

Re: Restrict non-company issued smart devices

endpoint-corp.PNG


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Frequent Contributor I
Posts: 270
Registered: ‎09-24-2010

Re: Restrict non-company issued smart devices

not sure I fully understand

Aruba Employee
Posts: 571
Registered: ‎04-17-2009

Re: Restrict non-company issued smart devices

Did you add Airwatch to the list of External Context Servers in CPPM? There should be a tech note on MDM integration that can help you with this and/or check out the ClearPass Exchange Recipes.

 

Once you do this, the Ownership field will be updated in the endpoints repository for endpoints registered in Airwatch.

Thanks,

Zach Jennings
Frequent Contributor I
Posts: 270
Registered: ‎09-24-2010

Re: Restrict non-company issued smart devices

no I havent added Airwatch to the list of context servers.

Guru Elite
Posts: 8,171
Registered: ‎09-08-2010

Re: Restrict non-company issued smart devices

You'll need to setup the MDM integration before you can use the AirWatch
attributes.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Search Airheads
Showing results for 
Search instead for 
Did you mean: