New Contributor

Authenticated 3 categories of devices with clearpass on one SSID


We have a customer who need to return specific role following devices :

- devices in AD
- devices in Airwatch
- others devices

How we can do that with 1 SSID ? Actualy they use forescout and virtual firewalling to do that.
With Aruba controller and clearpass we need to use aruba role returned by clearpass.
- 802.1x : If we use 802.1x we will have problem with "others devices" because we don't know these devices and we can't setup properly wifi profile.
- Mac-authentification : Maybe is possible to cheat with mac-authentification. Force client to pass go throught clearpass but is it possible to have mac-auth always true (maybe with time source or other authentification source)?
- Captive portal : Need licence and it needs to be transparent (use auto login)

What do you think ? have you any ideas ?

Thanks for your help

Guru Elite

Re: Authenticated 3 categories of devices with clearpass on one SSID

You will need more than one SSID.  If a device cannot use 802.1x, you need to probably setup a second SSID that uses WPA2-PSK for those devices.


You will then need to possibly layer mac authentication on top of that with clearpass to whatever database you have.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Search Airheads
Showing results for 
Search instead for 
Did you mean: