Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Aruba-Mdps-Provisioning-Settings syntax

This thread has been viewed 2 times

  • 1.  Aruba-Mdps-Provisioning-Settings syntax

    Posted May 03, 2016 04:06 PM

    I'm trying to, upon Onboard Pre-Auth, point a user/device to a specific provisioning settings (that is tied to different root CAs) based upon the MAC address of the device. I believe I can use the Radius:Aruba:Aruba-Mdps-Provisioning-Settings attribute, however I seem to not be getting the syntax right.

     

    Has anyone used this? or is there a more preferred way of doing what I'm describing?



  • 2.  RE: Aruba-Mdps-Provisioning-Settings syntax

    EMPLOYEE
    Posted May 03, 2016 04:10 PM
    Is this dual or single SSID onboard?


  • 3.  RE: Aruba-Mdps-Provisioning-Settings syntax

    Posted May 03, 2016 04:30 PM
    Single-SSID.

    Major Caveat is that we can't have users redirected via user-role to the web page; they'll need to navigate to it from links off other means. The reason for this is that we're trying to check for business vs. personally owned devices, and in order to do the former approach, we'd have to have all the tens of authorization sources that would help delineate business|personal included with our standard 802.1X authentication. Given that we do 8 million auths a day, we can't afford to have all those sources hit that much.

    Thus, we're looking to perform the lookup to delineate business|personal during the web-auth/pre-auth part of onboarding.

    - Ryan -