Security

Reply
Highlighted
Contributor I

Is it possible to configure different auth methods for different type of device with same ssid?

Hi, we plan to configure one ssid with 802.1x auth on controller. and clearpass is radius with AD for different type type devices login. Please advise whether below configuration can be achieved or not. 

1 SSID + 802.1x auth ---> clearpass --> Active directory ( user, computer, computer certificate). 

a. user group 1 : use AD user account + computer id for auth

b. user group 2: use AD user account + computer certificate ( maybe this one is not possible)

c. user group 3 : use Ad computer certificate 

 

Can we create 3 services on clearpass to authenticate above 3 user/device groups? Please advise, thanks in advance.

 

Guru Elite

Re: Is it possible to configure different auth methods for different type of device with same ssid?

You are limited by:

 

-  What you can configure on each client

- Each cllient can only submit a single authentication method at the same time.

 

Mobile devices cannot do machine authentication, so you might not be able to tell if you are to expect machine authentication later.

On most windows machines you cannot configure a user and machine authentication for the same SSID, so that would be invalid.

 

Either way, you need to understand what authentication methods your clients support AND that those methods are only provided one at a time, and you might not understand what authentication method occured first.

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Contributor I

Re: Is it possible to configure different auth methods for different type of device with same ssid?

Thanks for your kind reply.  But based on the link below, it is possible to do user and machine authentication on same ssid.

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Best-practices-and-points-to-remember-while-deploying-user-and/ta-p/260781

Please advise. Thanks. 

Guru Elite

Re: Is it possible to configure different auth methods for different type of device with same ssid?

Yes,it is.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Contributor I

Re: Is it possible to configure different auth methods for different type of device with same ssid?

Thanks. So i need to create 3 services for below groups:

user group1(laptop) :  AD user+machine 

user group2(tablet):  AD user

user group3 ( some machine) : AD certificate service

 

is it correct? And use OS type or device type to distingue the user authentication request.  PLease advise. Thanks.

Guru Elite

Re: Is it possible to configure different auth methods for different type of device with same ssid?

When a device first connects, the OS is not available, so that cannot be relied upon to authenticate clients that use a layer 2 method like 802.1x.  The OS still won't be available until the client gets an ip address, which happens AFTER successful 802.1x authentication.  I would not bother with making OS a factor in authentication.

 

I personally think you are making things too complicated.

 

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Contributor I

Re: Is it possible to configure different auth methods for different type of device with same ssid?

Thanks a lot for your kind advice.  Have a good day!

Guru Elite

Re: Is it possible to configure different auth methods for different type of device with same ssid?

You should really work with a partner.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: