Wireless Access

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Apple Mac Day one configuration network

  • 1.  Apple Mac Day one configuration network

    Posted Aug 17, 2016 09:56 AM

    We are wanting to get Apple Macs on our network. We do not route the internet space on our corporate network. When a Mac gets shipped to an employee, we want them to be able to pull it out, connect it to a wireless network and provision it. We could provision an SSID that would tunnel out to the internet, but would need some way to lock it down to just new Macs coming online and not allow anyone else to connect to it. We have sites worldwide that would need this capability. We are running controllers and IAPs running 6.4.2 and above. We also have ClearPass installed that we are using for authentication on the corp. side, but not sure how to get ClearPass involved as it would be a PSK on the authentication side.

    Anyone else doing this with this type of scenario?



  • 2.  RE: Apple Mac Day one configuration network

    Posted Aug 17, 2016 12:52 PM

    I see 2 options:

    - You set up a guest SSID with a captive portal page, you manage the user accounts, and when someone needs to provision a Mac, you create a temporary 3-day account for him and send it to him on the receive date.

    OR

    - You only whitelist the required destinations to "stage" the Mac and block everything else. Then people wouldn't really have access to the internet through this network.



  • 3.  RE: Apple Mac Day one configuration network

    EMPLOYEE
    Posted Aug 17, 2016 01:03 PM

    How is your network actually configured? Is the internet routable through your entire network and just blocked or is it completely isolated?



  • 4.  RE: Apple Mac Day one configuration network

    Posted Aug 17, 2016 02:41 PM

    We do not have internet space routed inside (we are going to be routing the 17.x.x.x space to a proxy for day 2 and onward support of Apple).

    I have not done the provisioning yet myself, but from what I am told a portal page for logon is not an option, as the device has not been provisioned yet and so has no applications for the user to use.



  • 5.  RE: Apple Mac Day one configuration network

    EMPLOYEE
    Posted Aug 17, 2016 03:00 PM
    You could add an interface off your controller that has internet access and drop the users into a role that uses that subnet.