Security

 View Only
last person joined: 19 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Which ClearPass Modules do I need for BYOD and Guestaccess ?

This thread has been viewed 0 times

  • 1.  Which ClearPass Modules do I need for BYOD and Guestaccess ?

    Posted Oct 07, 2012 09:46 AM

    Hi, 

     

    I am looking for a solution to provide BYOD access and Guest access.

    - BYOD access should work via Certificates (e.g. EAP-TLS), company employees should do that via registration e.g. webauth with MS-AD credentials. After that the BYOD should get a certificate with the CN of the company-AD-username and an EAP-TLS konfiguration for authentication to the ClearPass authentication server.

     

    - Guest access should work via web-authentication, a ticket should be given via a sponsor, who generates the guest-ticket. After that the Guestuser can connect to the wireless network and gets an http-redirekt to the guest authentication portal.

     

    - I don't need any device fingerprinting, because BYOD and Guest will be on the same SSID and will get the same access to the internet.

     

    What Clearpass systems are needed for that ?

     

    I thought following:

    ClearPassPolicy Manager (Base System)

    - ClearPassOnboard for BYOD Access (SW-Module in PolicyManager)

    - ClearPassGuest for GuestAccess (SW-Module in PolicyManager)

     

    Best Regards

    Alois

     



  • 2.  RE: Which ClearPass Modules do I need for BYOD and Guestaccess ?

    EMPLOYEE
    Posted Oct 08, 2012 07:27 AM
    @aheilmaier wrote:

    Hi, 

     

    I am looking for a solution to provide BYOD access and Guest access.

    - BYOD access should work via Certificates (e.g. EAP-TLS), company employees should do that via registration e.g. webauth with MS-AD credentials. After that the BYOD should get a certificate with the CN of the company-AD-username and an EAP-TLS konfiguration for authentication to the ClearPass authentication server.

     

    - Guest access should work via web-authentication, a ticket should be given via a sponsor, who generates the guest-ticket. After that the Guestuser can connect to the wireless network and gets an http-redirekt to the guest authentication portal.

     

    - I don't need any device fingerprinting, because BYOD and Guest will be on the same SSID and will get the same access to the internet.

     

    What Clearpass systems are needed for that ?

     

    I thought following:

    ClearPassPolicy Manager (Base System)

    - ClearPassOnboard for BYOD Access (SW-Module in PolicyManager)

    - ClearPassGuest for GuestAccess (SW-Module in PolicyManager)

     

    Best Regards

    Alois

     

    You are correct about the requirements.  ClearPassOnboard is a SW-Module in the ClearPass Guest Server, though.  ClearPass Guest is also a Software Module in the ClearPass Guest Server.