Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass tablets smartphones and company devices rules

  • 1.  Clearpass tablets smartphones and company devices rules

    Posted Jul 31, 2013 03:15 PM

    Hello

    I got a requirement from a company, which wants the following:

    If the computer is on the Active Directory, he has a role which can access everything.

    If the user has a tablet with Android or a smartphone, with his AD user and password, he just gets internet.

    I know how to do this, but my issue is the following: I know how to do it by operating system...

    If it is Android or iOS, well, just the role of just internet.

    If it's Windows, then allow it to the internal network.

    But then if he comes with a Windows 8 tablet or Windows 7 tablet, a personal one, then he will have access.

    How can I do that, so that just the laptops that are on Active Directory are the ones that can have access to the internal network...

    And if the client brings a computer, a personal one that is Windows 7, he does not have access, maybe just access to internet...

    I think it can be done, but what parameters should I use on the service so it can be done correctly?

     

    Thanks

    Carlos



  • 2.  RE: Clearpass tablets smartphones and company devices rules

    Posted Jul 31, 2013 03:33 PM

     

    You can definitely do this.

     

    We are currently doing something similar, where we match an AD group in combination with the device type and place it in a Role/VLAN on the controller, and we are still using the same SSID/ClearPass service.

     

    You can use a combination of this:

    http://community.arubanetworks.com/t5/ClearPass-formerly-known-as/CPPM-RADIUS-Authenticatiion/m-p/87764#M2875

     

    With this:

     

    ClearPass Policy Manager - Aruba Networks_2013-07-31_15-26-22.png

     

    And you can create a role mapping matching the Win 7 or Win 8 devices, and you can place these in different roles in the controller.

     

    ClearPass Policy Manager - Aruba Networks_2013-07-31_15-31-23.png

     



  • 3.  RE: Clearpass tablets smartphones and company devices rules

    EMPLOYEE
    Posted Jul 31, 2013 10:03 PM

    On top of the AOS device type, you can also reference the ClearPass endpoint profiling data:

     

    endpoint db.png

     

    You could also do machine authentication which can authenticate the computer against AD instead of or along with the user.



  • 4.  RE: Clearpass tablets smartphones and company devices rules

    Posted Aug 20, 2013 10:26 PM

    If you are talking only Domain Computers having full access, then you can use the [Machine Authenticated] attribute.  Since personal devices are most likely not going to be joined to the domain, that would eliminate them as [Machine Authenticated] right off the bat without any worry about ensuring that the device has been profiled.
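
The difference between the OS-based rules from the first post and the [Machine Authenticated] check from the last reply, modelled in plain Python as an added example that is not part of any post and is not ClearPass configuration. The role names, the `Session` fields and the sample sessions are assumptions constructed for illustration; every session is assumed to have already passed AD user authentication.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical role names; only "[Machine Authenticated]" comes from the thread.
FULL_ACCESS = "internal-network"
INTERNET_ONLY = "internet-only"

@dataclass(frozen=True)
class Session:
    name: str
    machine_authenticated: bool   # computer account authenticated against AD
    os_family: Optional[str]      # profiling result; None if not profiled yet

def role_by_os(s: Session) -> str:
    """First post's approach: decide only on the profiled operating system."""
    return FULL_ACCESS if s.os_family == "Windows" else INTERNET_ONLY

def role_by_machine_auth(s: Session) -> str:
    """Last reply's approach: only domain computers get the internal role."""
    return FULL_ACCESS if s.machine_authenticated else INTERNET_ONLY

# Constructed sample sessions (not from a real deployment).
SESSIONS = [
    Session("corp-laptop", True, "Windows"),
    Session("corp-laptop-unprofiled", True, None),
    Session("personal-win7-laptop", False, "Windows"),
    Session("personal-win8-tablet", False, "Windows"),
    Session("android-phone", False, "Android"),
    Session("ios-tablet", False, "iOS"),
]

def over_privileged(sessions):
    """Devices the OS rule puts on the internal network but machine auth does not."""
    return [s.name for s in sessions
            if role_by_os(s) == FULL_ACCESS
            and role_by_machine_auth(s) != FULL_ACCESS]

def under_privileged(sessions):
    """Domain computers the OS rule restricts, e.g. before profiling completes."""
    return [s.name for s in sessions
            if role_by_machine_auth(s) == FULL_ACCESS
            and role_by_os(s) != FULL_ACCESS]

if __name__ == "__main__":
    for s in SESSIONS:
        print(f"{s.name:24} os-rule={role_by_os(s):17} "
              f"machine-auth={role_by_machine_auth(s)}")
    print("over-privileged by OS rule: ", over_privileged(SESSIONS))
    print("under-privileged by OS rule:", under_privileged(SESSIONS))
```
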