Security

last person joined: 5 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Multi-factor authentication

This thread has been viewed 1 times
  • 1.  Multi-factor authentication

    Posted Aug 15, 2014 07:23 PM

    We have a group of iPads that need to be restricted to a single SSID.  From what I have been able to research the only way is to exclude them by MAC address from all other SSIDs.  How do I do this?



  • 2.  RE: Multi-factor authentication

    Posted Aug 15, 2014 07:39 PM
    What authentication method are your SSIDs using?

    What type of radius server are you using?


  • 3.  RE: Multi-factor authentication

    Posted Aug 15, 2014 07:50 PM

    We use several different methods.  Our "Secure" SSID requires that the computer be in Active Directory.  We have an alternate "Secure" SSID that uses a pre-shared key.  Our "Guest" SSID requires that the user acknowledge the acceptable use policy on a spalsh screen.  Our "Student" SSID uses a pre-shared key.  We are trying to restrict the iPads to the "Student" SSID.



  • 4.  RE: Multi-factor authentication

    Posted Aug 15, 2014 07:58 PM

    Create a User-Derivation rule that references those MAC addresses and puts the user in the denyall role. This will stop them from receiving an IP address thus stopping them from entering the user table. Then in your AAA profiles for the guest and secure networks, select the UDR.

     

    udr-denyall.PNG

     

    udr-no-tablets.png