Occasional Contributor II
Posts: 30
Registered: ‎08-09-2016

clearpass- restricting machine to its dept/ site

Once the machine (laptop, smart network device, etc.) is checked against the trusted MAC address database, then the MAC address should be cross-checked with the group of switches it is allowed on.

For example: the machine belongs to site A. If the machine is moved and brought to site B, although the MAC address is trusted, it doesn't belong to site B, so access to the network resources should be restricted.

Same in the case of different departments...

Is this possible through ClearPass?

Guru Elite
Posts: 21,018
Registered: ‎03-29-2007

Re: clearpass- restricting machine to its dept/ site

You can certainly do that (maintain lists of MAC addresses and check them by site), but it would be complicated for the administrator to add/remove/change new devices. If a device does not work at a different site, your helpdesk would also be clogged with requests to find out why the laptop doesn't work, followed by an emergency request for the administrator to "make it work at this site".

Possible, yes...  hard to administer, yes....



Colin Joseph
Aruba Customer Engineering


MVP
Posts: 4,271
Registered: ‎07-20-2011

Re: clearpass- restricting machine to its dept/ site

You have a couple of options you can use:

- If the laptops are part of the domain, use AD group membership based on the location in combination with custom Endpoint DB attributes, and use those attributes to allow or deny access. (More dynamic, less management overhead)

- Use the Guest device repository using TIPS roles based on the location (more management overhead), but it is an option for non-domain devices.

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
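
The location check discussed in this thread, modeled in Python as an added example (not part of any post, and not ClearPass configuration or API code). It assumes the switch is identified by the RADIUS `NAS-IP-Address` and the device by `Calling-Station-Id`; the `site` attribute name, the subnets and the MAC addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample data: switch management subnets per site (assumption)
SITE_SUBNETS = {
    "site-a": ipaddress.ip_network("10.10.0.0/24"),
    "site-b": ipaddress.ip_network("10.20.0.0/24"),
}

# Constructed endpoint records: trusted MAC -> hypothetical "site" attribute
ENDPOINTS = {
    "001a2b3c4d5e": {"site": "site-a"},
    "001a2b3c4d5f": {"site": "site-b"},
}


def normalize_mac(raw):
    """Reduce common MAC notations (-, :, . separators) to 12 hex digits, or None."""
    digits = re.sub(r"[-:.]", "", raw.strip()).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def site_of_switch(nas_ip):
    """Map the switch that sent the request to a site, or None if unknown."""
    addr = ipaddress.ip_address(nas_ip)
    for site, net in SITE_SUBNETS.items():
        if addr in net:
            return site
    return None


def decide(calling_station_id, nas_ip_address):
    """Return the access decision for one authentication request."""
    mac = normalize_mac(calling_station_id)
    endpoint = ENDPOINTS.get(mac) if mac else None
    if endpoint is None:
        return "deny: unknown endpoint"      # MAC not in the trusted list
    switch_site = site_of_switch(nas_ip_address)
    if switch_site is None:
        return "deny: unknown switch"        # fail closed on unmapped switches
    if endpoint["site"] != switch_site:
        return "restrict: trusted endpoint at wrong site"
    return "allow"


if __name__ == "__main__":
    print(decide("00-1A-2B-3C-4D-5E", "10.10.0.5"))   # home site
    print(decide("00:1a:2b:3c:4d:5e", "10.20.0.7"))   # moved to site B
```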