Security

Hello, everyone...

Thanks in advance for your patience.  I'm very new to Clearpass.  I've spent a lot of time searching the forums for an answer to my questions, but I'm not experienced enough to fully put what I've found/read into action successfully.

We had a vendor set up the Clearpass system this past year in our School District to do onboarding for wireless devices (Ruckus).  We're not using it as envisioned and are probably going to abandon the onboarding functionality.  Instead, I'd like to see if we can set it up to control access to a couple wireless networks based on AD credentials. 

We currently have a wireless network for staff BYOD secured with a password...I'd like to eliminate the possibility of that password getting out to students.

How would I set up Clearpass so that the staff SSID uses 802.1x and AD credentials to allow or deny access?  Is there a way to have those who have authenticated to have access for a certain number of days before they are forced to re-authenticate? 

In setting up the onboarding configuration, our vendor put the Clearpass servers on our domain, and we have an AD source set up and working, so that step is done.

Any information you all can give me will be supremely appreciated.  Thank you!

You probably should not use AD password for wireless authentication if you don't want the username/password to be exposed. Onboarding is a solution to that issue, to separate the wireless device authentication from the AD password by using a self-provisioned certificate and as well get the configuration on the client device done properly.

I'd highly recommend involving an Aruba partner or specialist to create and implement a proper design.

If you want to spend time yourself, this video series may help to get the job done.