Wireless Access

Reply
New Contributor
Posts: 3
Registered: ‎10-21-2016

can i authenticate AD and MAC repository for users at the same time?

Hi all,

 

We recently just acquired Aruba APs, Mobility Controller and Clearpass. Basically, what I want to do is to have a single SSID, with 2 roles. i.e ROLE1 will have access to internet and LAN, and ROLE2 will have access to internet only.

 

My target are: for users to be under ROLE1, it should be able to authenticate using his AD credentials even if the device is not logged in to the domain, but it should also authenticate via MAC repository ( i'm planning to just manually add our devices' MAC addresses in the repository ). Users that will only have AD credentials but MAC is not registered in the repository should be under ROLE2. Is that something that is attainable? or is there a more logical and simplier way to do it. This is actually for our BYOD devices since we don't have license for onboard.

 

BTW, I also have another SSID wherein users that can access are only the ones that are already logged in to the domain.

 

I'd really appreciate any help that I can get.

 

Thanks!

-BeeJ aruba noob

Guru Elite
Posts: 8,335
Registered: ‎09-08-2010

Re: can i authenticate AD and MAC repository for users at the same time?

Yes, you can. I'd recommend you use the guest device repository to handle the MAC address registration.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor
Posts: 3
Registered: ‎10-21-2016

Re: can i authenticate AD and MAC repository for users at the same time?

Hi Tim,

 

I appreciate your response. So for the authentication part, do i have to add both the AD and the guest mac repository on the authentication source on the same Service? or do I need to create another Service that has another authentication source ( guest mac repository ) and point both those Services on the same SSID?

 

Thanks!

Aruba
Posts: 1,285
Registered: ‎08-29-2007

Re: can i authenticate AD and MAC repository for users at the same time?

You can add the [Guest Device Repository] as an authorization source.

After adding them as devices in CPG, build a role mapping to tag those devices that have been added like this.

 

Snip20161025_3.png

 

And then you can return different roles within your enforcement policy.

Snip20161025_5.png

 

 


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Search Airheads
Showing results for 
Search instead for 
Did you mean: