Occasional Contributor II
Posts: 21
Registered: ‎03-19-2014

BYOD with enhanced policy management

Hi,

 

Can I achieve BYOD with enhanced policy management with only Aruba PEFNG licenses, without deploying Aruba ClearPass? This customer does not require any advanced onboarding features provided through ClearPass. Only considering the following features:

· BYOD with enhanced policy management (device-level policies for iPads / laptops of the same user using a single SSID)

· 3rd-party device profiling and access policing capability (profile, permit/deny access, drop, prioritize)

 

Br,

Nilanka Surain

Guru Elite
Posts: 21,252
Registered: ‎03-29-2007

Re: BYOD with enhanced policy management

You are capable of much more granular policy with ClearPass. For example, on the Aruba controller, you can put an iPad into a role or VLAN, but you cannot combine that with a user AD group requirement, for example. When you need to provide enforcement for multiple policies, especially with a single SSID, that is when ClearPass is needed.

 



Colin Joseph
Aruba Customer Engineering


Super Contributor I
Posts: 274
Registered: ‎04-04-2014

Re: BYOD with enhanced policy management

 

As cjoseph notes, ClearPass has more integration tailored to the controller, and due to the first-rule-to-match behavior you can't build complicated expressions, though for a NAS the options are still quite impressive, and also some attributes can be sent to the AAA server to allow it to do the logic. If the customer is asking about 3rd-party device classification integration, though, they might have a particular system in mind that they plan to use, so you might want to find out what that is and look at the specifics. You can also do one level of fanciness by taking advantage of the difference between how the Role and the VLAN are selected.

 

Guru Elite
Posts: 8,628
Registered: ‎09-08-2010

Re: BYOD with enhanced policy management

I would have to disagree with the statement "you can't build complicated expressions". When done correctly through the use of multiple services and enforcement policies, you can build very complicated, powerful expressions to build policy.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Super Contributor I
Posts: 274
Registered: ‎04-04-2014

Re: BYOD with enhanced policy management

 

I meant on the controller itself, not in CPPM. Sorry I was not clear.

 
