capalli,
"Those device can be pre registered by end users using the device registration portal."
Here is where I am having a problem. Currently, I setup ClearPass Mac registration form with two roles: Mac Role and Games Roles. Mac Roles for any non-802.1x devices and Games Roles for game consoles. The reason i separate them is because the Game Role is getting public ip addresses to avoid nat the game consoles in the dorms.
So my plan was to have the students call the help desk for non-802.1x devices and have the help desk tech register the devices and place them in the correct role. I also created a form in the help desk page that will send the information to the help desk via email.
Now I am sure after a while the help desk will not like me anymore lol, so i am looking for a long term solution: self-registration
Option 2:
Create the Self-Registration Webpage and have the student register the devices. Instead of having an Open ssid in the dorms for onboarding i was going to have a link in the help desk page that will redirect to the clearpass self-registration.
Now,
The first page the student should see is a login page that they will input their AD credentials and then allow to register the mac addresses. Here is the problem:
1. Cannot control they select the right role MAC or Games. Or can i?
2. Cannot control students registering laptop mac addresses and using the MAC auth SSID instead of the 802.1x SSID?
The perfect scenario will be students registering the devices then having only a single role. Also, have clearpass or the controller track via endpoint profiler or 802.1x compliant status so laptops and 802.1x capable devices dont use this SSID.
Sorry for the long message. I hope also this help someone else.
Thank you
Nils
I work for Nova Southeasten Univeristy in Florida. We have currently around 13,000 wireless devices connecting on Guest, 802.1x SSID, Phone SSID, and Mac Auth SSID.