Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

clearpass- restricting machine to its dept/ site

  • 1.  clearpass- restricting machine to its dept/ site

    Posted Nov 20, 2016 11:20 AM

    Once the machine (laptop, smart network device, etc.) is checked against the trusted MAC address database, then the MAC address should be cross-checked with the group of switches it is allowed on.

    For example: if the machine belongs to site A and is moved and brought to site B, then although the MAC address is trusted, it doesn't belong to site B, so access to the network resources should be restricted.

    The same applies in the case of different departments...

    Is this possible through ClearPass?



  • 2.  RE: clearpass- restricting machine to its dept/ site

    EMPLOYEE
    Posted Nov 20, 2016 11:24 AM

    You can certainly do that (maintain lists of MAC addresses and check them by site), but it would be complicated for the administrator to add/remove/change new devices.  If a device does not work at a different site, your helpdesk would also be clogged with requests to find out why the laptop doesn't work, followed by an emergency request for the administrator to "make it work at this site".

    Possible, yes...  hard to administer, yes....



  • 3.  RE: clearpass- restricting machine to its dept/ site

    Posted Nov 20, 2016 12:07 PM
    You have a couple of options you can use:
    - If the laptops are part of the domain, use AD group membership based on the location in combination with custom Endpoint DB attributes, and use those attributes to allow or deny access. (More dynamic, less management overhead.)

    - Use the Guest device repository using TIPS roles based on the location (more management overhead), but it is an option for non-domain devices.

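The site check discussed in this thread, modelled as an added Python example that is not part of any post and is not ClearPass configuration or API code. It assumes each trusted endpoint carries a custom `Site` attribute and that each site's switches are grouped by management subnet; all names, MAC addresses and subnets are constructed.

```python
import ipaddress
import re

# Constructed sample data (hypothetical names and addresses).
# Endpoint repository: trusted MAC -> custom attributes.
ENDPOINTS = {
    "001a2b3c4d5e": {"Site": "A", "Department": "Finance"},
    "001a2b3c4d5f": {"Site": "B", "Department": "HR"},
}
# Device groups: switch management subnets per site.
SITE_SWITCHES = {
    "A": [ipaddress.ip_network("10.10.0.0/24")],
    "B": [ipaddress.ip_network("10.20.0.0/24")],
}

def normalize_mac(mac):
    """Strip separators so 00-1A-2B..., 00:1a:2b... and 001a.2b3c... compare equal."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def site_of_switch(nas_ip):
    """Return the site whose device group contains the switch, or None."""
    addr = ipaddress.ip_address(nas_ip)
    for site, nets in SITE_SWITCHES.items():
        if any(addr in net for net in nets):
            return site
    return None

def decide(mac, nas_ip):
    """Return (result, reason) for a MAC auth request arriving from switch nas_ip."""
    try:
        endpoint = ENDPOINTS.get(normalize_mac(mac))
    except ValueError:
        return ("deny", "malformed MAC")
    if endpoint is None:
        return ("deny", "MAC not in trusted repository")
    switch_site = site_of_switch(nas_ip)
    if switch_site is None:
        return ("deny", "switch not in any site device group")
    if endpoint["Site"] != switch_site:
        # Trusted device seen at the wrong site: restrict rather than allow.
        return ("restricted", f"endpoint belongs to site {endpoint['Site']}, "
                              f"seen at site {switch_site}")
    return ("allow", f"site {switch_site} matches")
```

The same comparison works for departments by matching the `Department` attribute against a per-department switch group instead of `Site`.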