Super Contributor I

Configure NAC



One Question Please.


Is possible configured NAC for Smart device?



Trusted Contributor I

Re: Configure NAC

To clarify, what do you mean by NAC?  What would you like to accomplish with the mobile device?  I've found not everyone has the same definition of NAC...

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Super Contributor I

Re: Configure NAC

i need to enforce posture to mobil devices like ipad, android, etc etc (onguard)
 or, what can you suggest, because it is not clear NAC concept for me

Guru Elite

Re: Configure NAC

Sorry for the seemingly stupid questions, but can you also define posture for us? This term is also used in different ways.


NAC and Posture on mobile devices is very different than their desktop OS counterparts for the following reasons:

    - Most mobile devices won't have antivirus

    - Most mobile devices don't get frequent "patches"

    - Most mobile devices don't have a user accessible firewall

    - Applications are much more controlled on a mobile device because of app store restrictions


What posture assessments are you looking to do? The only one I can think of off the top of my head is a root/jailbreak check.

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Super Contributor I

Re: Configure NAC

I understand, but in your experience could you give a advice or a tip for a configuration in BYOD with Clear Pass to a large corporation? (5k users)

We're considereing the double factor authentication(token).

Thanks in advance,


Trusted Contributor I

Re: Configure NAC

Is this a true BYOD deployment where the devices are not owned by the company, or are they company owned devices?

Would you like to OnBoard these devices so they can use EAP-TLS instead of tokens?

Do you need to guarantee that only certain devices are able to authenticate?

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.

Re: Configure NAC

So this comes down to what type of device you are looking to posture check.





Windows: PC, Laptops, Servers


Mac: PC, Laptops




Mobile device: iPad, iPod, phones etc...



You will need to either have a third party MDM or the built in MDM/Workspace (only IOS is supported as of today). You can integrate your MDM vendor with clearpass where it can pull down the information the MDM vendor publishes.


In 6.3 we now have a new feature where we can do a http put and be able to send commands to a few MDM vendors. This also opens up the ability to helpdesk ticket integration. 


The Endpoint Context Server Actions form now includes the ability to specify the HTTP enforcement actions (headers, content, and so on).
Typical RESTful API HTTP Methods are supported:
Designed to be used for policy actions or enforcement beyond the network
–Marketing referring to this as ‘Rules Exchange’
–POST, PUT and DELETE make most sense as actions
Some default actions will be provided for our MDM partners





Thank You,

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Super Contributor I

Re: Configure NAC



The information is good!!!


Search Airheads
Showing results for 
Search instead for 
Did you mean: