07-01-2014 11:29 PM
Can I achieve BYOD with enhanced policy management by only Aruba PEFNG licenses, without deploying Aruba ClearPass?... This Customer does not require any advanced on boarding features provide through ClearPass. Only considering following features...
· BYOD with enhanced policy management (Device level policies for ipads / laptops of the same user using a single SSID)
· 3rd Party device profiling and access policing capability (profile, permit/deny access, drop, prioritize)
Solved! Go to Solution.
07-02-2014 02:03 AM
You are capable of much more granular policy with ClearPass. For example, on the Aruba controller, you can put an iPad into a role or VLAN, but you cannot combine that with a user AD group requirement, for example. When you need to provide enforcement for multiple policies especially with a single SSID, that is when ClearPass is needed.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
07-02-2014 07:08 PM
As cjoseph notes, ClearPass has more integration tailored to the controller, and due to the first-rule-to-match behavior you can't build complicated expressions, though for a NAS the options are still quite impressive, and also some attributes can be sent to the AAA server to allow it to do the logic. If the customer is asking about 3rd-party device classification integration, though, they might have a particular system in mind that they plan to use, so you might want to find out what that is and look at the specifics. You can also do one level of fanciness by taking advantage of the difference between how the Role and the VLAN are selected.
07-02-2014 07:13 PM