11-20-2016 08:20 AM
Once the machine (Laptop, Smart network device etc) is checked against trusted mac address database than the mac address should be cross checked with group of switches it is allowed on.
For Eg: If the machine belongs to site A. If the machine is moved and brought to site B although the mac address is trusted but is doesnt belong to site B so the access of the network resources should be restricted.
Same in case if different departments...
Is this possible through clearpass..
11-20-2016 08:24 AM
You can certainly do that (maintain lists of mac addresses and check them by site), but it would be complicated for the administer to add/remove/change new devices. If a device does not work at a different site, your helpdesk would also be clogged with requests to find out why the laptop doesn't work, followed by an emergency request for the administrator to "make it work at this site".
Possible, yes... hard to administer, yes....
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
11-20-2016 09:07 AM
- if the laptops are part of the domain use AD group membership based on the location in combination with custom Endpoint DB attributes and use those attributes to allow or deny access. (More dynamic less management overhead)
- Use the Guest device repository using TIPS roles based on the location (more management overhead) but is an option for non-domain devices
Get Outlook for iOS
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA