Corporate (802.1X) and Guest (open w/clearpass captive portal) SSIDs are broadcasted. Corporate devices may connect to the corporate SSID, but not the guest SSID. The guest SSID captive portal only requires guests to 'accept terms' in order to gain Internet access; no username/password or identifiable information is requested.
How do you keep Corporate devices from gaining Internet access on the guest SSID? My current thought is a post authentication update that tags endpoints with an attribute of 'corporate' after logging into the corporate SSID. The guest's captive portal would check for this attribute when authentications occur. If the attribute exists, access is denied.
I feel like this would work just fine, but am curious to know if anyone has some other ideas. Can Clearpass verify if a device has logged into the Corporate SSID before?
Or.. push the Guest SSID to that client with WEP encryption via a GPO.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.