11-07-2016 08:35 AM
11-07-2016 08:37 AM
Thanks, I am actually the Aruba partner and I'm Clearpass certified, I haven't setup single SSID onboard in a long time and was hoping Aruba had some decent documentation around a generic setup.
11-07-2016 08:49 AM
Essentially the only configuration that makes it a single SSID Onboard is adding an enforcement rule that checks if the outer method is EAP-PEAP, and if so, put the device into an Onboard enrollment role. You can layer on policy checks for more advanced policies.
Keep in mind that all of the security issues around PEAPv0/EAP-MSCHAPv2 still apply with single SSID Onboard during the initial authentication. If your customer is security conscious, I'd recommend dual SSID Onboard.