Wireless Access

Occasional Contributor II

BYOD with enhanced policy management



Can I achieve BYOD with enhanced policy management by only Aruba PEFNG licenses, without deploying Aruba ClearPass?... This Customer does not require any advanced on boarding features provide through ClearPass. Only considering following features...


·         BYOD with enhanced policy management (Device level policies for ipads / laptops of the same user using a single SSID)

·         3rd Party device profiling and access policing capability (profile, permit/deny access, drop, prioritize)



Nilanka Surain

Guru Elite

Re: BYOD with enhanced policy management

You are capable of much more granular policy with ClearPass.  For example, on the Aruba controller, you can put an iPad into a role or VLAN, but you cannot combine that with a user AD group requirement, for example.  When you need to provide enforcement for multiple policies especially with a single SSID, that is when ClearPass is needed.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Super Contributor I

Re: BYOD with enhanced policy management


As cjoseph notes, ClearPass has more integration tailored to the controller, and due to the first-rule-to-match behavior you can't build complicated expressions, though for a NAS the options are still quite impressive, and also some attributes can be sent to the AAA server to allow it to do the logic.  If the customer is asking about 3rd-party device classification integration, though, they might have a particular system in mind that they plan to use, so you might want to find out what that is and look at the specifics.  You can also do one level of fanciness by taking advantage of the difference between how the Role and the VLAN are selected.


Guru Elite

Re: BYOD with enhanced policy management

I would have to disagree with the statement "you can't build complicated expressions". When done correctly through the use of multiple services and enforcement policies, you can build very complicated, powerful expressions to build policy.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Super Contributor I

Re: BYOD with enhanced policy management


I meant on the controller itself, not in CPPM, sorry I was not clear.


Search Airheads
Showing results for 
Search instead for 
Did you mean: