We recently just acquired Aruba APs, Mobility Controller and Clearpass. Basically, what I want to do is to have a single SSID, with 2 roles. i.e ROLE1 will have access to internet and LAN, and ROLE2 will have access to internet only.
My target are: for users to be under ROLE1, it should be able to authenticate using his AD credentials even if the device is not logged in to the domain, but it should also authenticate via MAC repository ( i'm planning to just manually add our devices' MAC addresses in the repository ). Users that will only have AD credentials but MAC is not registered in the repository should be under ROLE2. Is that something that is attainable? or is there a more logical and simplier way to do it. This is actually for our BYOD devices since we don't have license for onboard.
BTW, I also have another SSID wherein users that can access are only the ones that are already logged in to the domain.
I'd really appreciate any help that I can get.
-BeeJ aruba noob
I appreciate your response. So for the authentication part, do i have to add both the AD and the guest mac repository on the authentication source on the same Service? or do I need to create another Service that has another authentication source ( guest mac repository ) and point both those Services on the same SSID?
You can add the [Guest Device Repository] as an authorization source.
After adding them as devices in CPG, build a role mapping to tag those devices that have been added like this.
And then you can return different roles within your enforcement policy.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.