Security

Reply
Frequent Contributor II
Posts: 109
Registered: ‎01-01-2012

restrict onboarded devices from connecting guest ssid

Hi,

I have CPPM- Cisco WLC setup as mentioned ;

One Guest SSID for auto-registration

One Onboarding SSID 

 

Requirement : Restrict onboarded device from connecting to Guest SSID. ( Guest SSId has open internet and Onboard has restricted)

 

Guest and onboard are  using same authorization  service.  How to separate these services as if I create two different services both guest and onboard goes through first service only.

 

when we select Onboard Repository as authorization source it does not give option like if device is present/not present in Onboard Rep for any enforcement.

 

 

Guru Elite
Posts: 8,053
Registered: ‎09-08-2010

Re: restrict onboarded devices from connecting guest ssid

[ Edited ]

Take a look at this post. You can follow some of the same logic except instead of using the custom attribute, try using:

 

device-mac-onboard-exists.png 

In theory you could check for any of the generic onboard attributes with the EXISTS check.

 

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Guide-Using-ClearPass-to-steer-users-to-secure-networks-mhc/m-p/144823


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Search Airheads
Showing results for 
Search instead for 
Did you mean: