Hello Everyone,
First I would like to say thanks to all Experts and Gurus on Aruba community for sharing their experience and knowledge.
I am a Newbie on Aruba Community/Network and have more experience in VoIP domain and currently working for a big enterprise where security is always first .
As far as wirless network in company its all aruba and working very well in a secure enviornment with 2 Data Center , DMZ , Master Active/Standby controller and 200 medium and small sites with their local controller present.
I recieved a request from CIO to add his personal wireless printer into the existing network. After spending 1 weeks looking for a solution on Airhead I can't find the right answer. My concern is How I can add a HP wireless printer to a local site with 802.1x enable network which has Certiicate installed everywhere.
Short Wirelss Design Summary --
So Basically, how the traffic is flowing -- When a device get connected to the local site and if its a IPAD,Iphone then it get check through Airwatch and gets certificate/authenticated first. Then it goes to Clearpass and gets a Untrusted role .
After becoming an Untrusted device , it contact the controller which is in DMZ. There is a secure tunnel from the local controller and the controller in DMZ for every site . from there its get an IP address and
all the traffic then goes via a tunnel to Internet .
I tried it doing it one way
Creating a Host address list on the Clearpass and create services and roles and mapping. But it never hit the clearpass. As soon as I try to connecting to my Corporate SSID , HP printer shows an Error on screen -- Can't connect to this network because of unsuppored authentication and encryption.
I also thought trying to do the split tunneling. But because all the sites has local controller present and connected to datacenter where a Master Controller present and controller in DMZ. I dont know it will be good to add another AP as Remote AP or Coverting an CAP into RAP.
I would really thanks to everyone on the community if you can please give me an idea, how it can be done.
I am happy to answer all the question in case if you need more information.