Wireless Access

Frequent Contributor I
Posts: 76
Registered: ‎01-03-2014

Apple Mac Day one configuration network

We are wanting to get Apple Macs on our network. We do not route the internet space on our corporate network. When a Mac gets shipped to an employee, we want them to be able to pull it out, connect it to a wireless network and provision it. We could provision an SSID that would tunnel out to the internet, but would need some way to lock it down to just new Macs coming online and not allow anyone else to connect to it. We have sites worldwide that would need this capability. We are running controllers and IAPs running 6.4.2 and above. We also have ClearPass installed that we are using for authentication on the corp. side, but not sure how to get ClearPass involved as it would be a PSK on the authentication side.

Anyone else doing this with this type of scenario?

MVP
Posts: 129
Registered: ‎07-13-2015

Re: Apple Mac Day one configuration network

I see 2 options:

- You set up a guest SSID with a captive portal page, you manage the user accounts, and when someone needs to provision a Mac, you create a temporary 3-day account for him and send it to him on the receive date.

OR

- You only whitelist the required destinations to "stage" the Mac and block everything else. Then people wouldn't really have access to the internet through this network.

ACMP, ACCP, BCNE
Guru Elite
Posts: 8,756
Registered: ‎09-08-2010

Re: Apple Mac Day one configuration network

How is your network actually configured? Is the internet routable through your entire network and just blocked or is it completely isolated?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 76
Registered: ‎01-03-2014

Re: Apple Mac Day one configuration network

We do not have internet space routed inside (we are going to be routing the 17.x.x.x space to a proxy for day 2 and onward support of Apple).

I have not done the provisioning yet myself, but from what I am told a portal page for logon is not an option, as the device has not been provisioned yet and so has no applications for the user to use.

Guru Elite
Posts: 8,756
Registered: ‎09-08-2010

Re: Apple Mac Day one configuration network

You could add an interface off your controller that has internet access and drop the users into a role that uses that subnet.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
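
The two suggestions in the thread (allowlist only the staging destinations, and drop the devices into a role on an internet-facing subnet) combined as an ArubaOS controller configuration fragment. This is an added example, not part of any poster's reply and not a tested deployment: the alias, ACL and role names and VLAN 900 are hypothetical, and it assumes the 17.x.x.x space mentioned above (17.0.0.0/8) covers what provisioning needs, which should be checked against Apple's published network requirements. Lines beginning with `!` are annotations.

```text
! Destinations a day-one Mac may reach (assumption: Apple's 17.0.0.0/8 only)
netdestination apple-staging
  network 17.0.0.0 255.0.0.0
!
! Session ACL: DHCP and DNS to get online, HTTP/HTTPS to Apple, nothing else
ip access-list session mac-day-one-acl
  any any svc-dhcp permit
  user any svc-dns permit
  user alias apple-staging svc-http permit
  user alias apple-staging svc-https permit
  user any any deny
!
! Role for the PSK staging SSID, placed on the internet-facing VLAN
! (VLAN 900 is a placeholder for the interface with internet access)
user-role mac-day-one
  vlan 900
  access-list session mac-day-one-acl
!
```

With the role limited this way, anyone who learns the PSK can reach only the allowlisted destinations, so the SSID does not become a general internet bypass around the corporate network.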