Security

kelvinffhan · 3 weeks ago

Hi Experts,

May I seek for your expert opinion for the below ClearPass feature? Do I require OnGuard license to achieve that? This is for wireless onboarding process.

The 1st part is: which I call it as pre-logon process, Aruba WiFi will check the client laptop already joined Microsoft AD domain or not. If it is yes, allow it to access Domain Controller. If not, disconnect it.

The 2nd part is: when user login Windows with his AD account, Aruba WiFi will also verify it with Domain Controller the login credential is correct or not. If it is correct, will give full network access to the client. If not, keeps only allow access to Domain Controller.

Herman Robers · 3 weeks ago

Onguard will do endpoint posture checking, like if anti-virus/firewall/patches are installed, running and up-to-date. For the functionality mentioned, I don't see such features used, so I don't think you will need OnGuard in this scenario.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).

kelvinffhan · 3 weeks ago

Thanks Herman, however based on my scenario on 1st part do you have any idea if clearpass can achieve that with the defined policy before login to window.

Herman Robers · 2 weeks ago

Sure, that is a configuration of the Windows Supplicant. Under Advanced settings you can select the 'authentication mode':

Computer Authentication: always use the computer account, this works before and after logon.

User or Computer: use computer authentication pre-logon and switch to user authentication after logong

User Authentication: only authenticate after the logon.

These settings can be controlled via group policies in larger networks.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).

kelvinffhan · a week ago

Thanks. You provide a very good hints to me.

Security

ClearPass without OnGuard License for IAP

Re: ClearPass without OnGuard License for IAP

Re: ClearPass without OnGuard License for IAP

Re: ClearPass without OnGuard License for IAP

Re: ClearPass without OnGuard License for IAP

Step-by-Step: How to Configure Microsoft IAS Radius Server from Scratch

limiting the number of device s a user can have

MDAC Issues - Failed association

Aruba support LEAP?

Cant find Amigopod sizing Guide.

Aruba Deployment with Firewalls

Remote AP

ap uptime

COTD: Configuring ARM scanning for any client type

COTD: View the 802.1x Authentication Process

WPA-PSK and VLAN assignment via MAC address

Remove wireless profiles on Windows XP machines

Rolling out 802.1x with GTC

VMware Wireless Bridging

Resetting MAC OSX Leopard Wireless

Aruba Instant 6.4.2.6-4.1.1.10 Released 9/28/15

Re: ArubaOS Downloads

Aruba Instant 6.4.2.6-4.1.1.11 Released 11/27/2015

Remote AP Networks

Indoor 802.11n Site Survey and Planning

ClearPass Policy Manager 6.3 User Guide

Lync Over Aruba WiFi

AOS and CPPM – Dot1x Authentication and integration

Security

ClearPass without OnGuard License for IAP

Re: ClearPass without OnGuard License for IAP

Re: ClearPass without OnGuard License for IAP

Re: ClearPass without OnGuard License for IAP

Re: ClearPass without OnGuard License for IAP

Follow Us