Create a role that implements these access controls. And make sure that personal devices get this role. Depending on the authentication method, you may be able from the controller to assign the role, or create a new SSID and allow personal devices on there.
Without details on authentication, and how you could recognize corporate versus personal device, it's hard to suggest beyond what is above. If you have an Aruba partner, you may setup a call with them to discuss the options. ClearPass may make it easier, but alternatives may be available.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Jan 04, 2022 09:24 AM
From: Doug Selix
Subject: AOS 8 firewall config example needed
My employer demands personal devices be allowed on the network for staff.
Clearpass is not an option.
Allow to a dhcp source
Allow to a DNS source
All other LAN ip blocked
Just access to the web
Yes I realize this is bad. It is out of my hands. Those who make the decisions don't understand and don't care.
------------------------------
Doug Selix
------------------------------