Wireless Access

Reply
Contributor II

Authentication of mobile devices based on ClearPass Endpoint Database

Hello,

 

I recently configured a Endpoint Context Server in ClearPass to fetch data from a MobileIron MDM appliance.

 

On ClearPass I can now see the mobile devices which are configured in MobileIron with all the available attributes.

 

I would like to use two of the attributes in ClearPass to authenticate our company-owned devices on the wifi network.

  • Endpoint: MDM Enabled EQUALS true
  • Endpoint: Ownership EQUALS Corporate

 

I have configured ClearPass to use these attributes but when I connect to the SSID I still get prompted for username and password. However, I want no user interaction at all. The devices should be able to connect to the WiFi network without prompting the user.

 

My question is how my AAA profile on the controller should look like and which authentication method I should use on ClearPass?

 

Thanks for your help!

 

cheers,

Harald

Guru Elite

Re: Authentication of mobile devices based on ClearPass Endpoint Database

If you want to use a secure authentication method, there will always need to be some initial user interaction on the device.

If you don't want any security, you can use an open network with MAC-caching.

What are the security requirements for your organization / deployment?


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II

Re: Authentication of mobile devices based on ClearPass Endpoint Database

Tim,

 

thanks for your help! Of course, you are correct. Its been a while since I dug around the various authentication methods.

 

I think at the end of the day we will use certificates on the mobile devices and EAP-TLS.

 

cheers,

Harald

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: