Wireless Access

last person joined: 12 minutes ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

can i authenticate AD and MAC repository for users at the same time?

  • 1.  can i authenticate AD and MAC repository for users at the same time?

    Posted Oct 21, 2016 10:35 AM

    Hi all,

     

    We recently just acquired Aruba APs, Mobility Controller and Clearpass. Basically, what I want to do is to have a single SSID, with 2 roles. i.e ROLE1 will have access to internet and LAN, and ROLE2 will have access to internet only.

     

    My target are: for users to be under ROLE1, it should be able to authenticate using his AD credentials even if the device is not logged in to the domain, but it should also authenticate via MAC repository ( i'm planning to just manually add our devices' MAC addresses in the repository ). Users that will only have AD credentials but MAC is not registered in the repository should be under ROLE2. Is that something that is attainable? or is there a more logical and simplier way to do it. This is actually for our BYOD devices since we don't have license for onboard.

     

    BTW, I also have another SSID wherein users that can access are only the ones that are already logged in to the domain.

     

    I'd really appreciate any help that I can get.

     

    Thanks!

    -BeeJ aruba noob



  • 2.  RE: can i authenticate AD and MAC repository for users at the same time?

    Posted Oct 21, 2016 02:32 PM
    Yes, you can. I'd recommend you use the guest device repository to handle the MAC address registration.


  • 3.  RE: can i authenticate AD and MAC repository for users at the same time?

    Posted Oct 22, 2016 01:01 AM

    Hi Tim,

     

    I appreciate your response. So for the authentication part, do i have to add both the AD and the guest mac repository on the authentication source on the same Service? or do I need to create another Service that has another authentication source ( guest mac repository ) and point both those Services on the same SSID?

     

    Thanks!



  • 4.  RE: can i authenticate AD and MAC repository for users at the same time?

    Posted Oct 25, 2016 06:22 AM

    You can add the [Guest Device Repository] as an authorization source.

    After adding them as devices in CPG, build a role mapping to tag those devices that have been added like this.

     

    Snip20161025_3.png

     

    And then you can return different roles within your enforcement policy.

    Snip20161025_5.png