10-21-2016 07:35 AM
We recently acquired Aruba APs, a Mobility Controller and ClearPass. Basically, what I want to do is to have a single SSID with 2 roles, i.e., ROLE1 will have access to internet and LAN, and ROLE2 will have access to internet only.
My targets are: for a user to be under ROLE1, they should be able to authenticate using their AD credentials even if the device is not logged in to the domain, but the device should also authenticate via the MAC repository (I'm planning to just manually add our devices' MAC addresses to the repository). Users that only have AD credentials but whose MAC is not registered in the repository should be under ROLE2. Is that something that is attainable? Or is there a more logical and simpler way to do it? This is actually for our BYOD devices since we don't have a license for Onboard.
BTW, I also have another SSID where the only users that can access it are the ones that are already logged in to the domain.
I'd really appreciate any help that I can get.
-BeeJ aruba noob
10-21-2016 11:31 AM
10-21-2016 10:00 PM
I appreciate your response. So for the authentication part, do I have to add both the AD and the guest MAC repository as authentication sources on the same Service? Or do I need to create another Service that has another authentication source (guest MAC repository) and point both those Services at the same SSID?
10-25-2016 03:21 AM
You can add the [Guest Device Repository] as an authorization source.
After adding them as devices in CPG, build a role mapping to tag those devices that have been added like this.
And then you can return different roles within your enforcement policy.
ACCP, ACMP, ACMX #294