Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

PSK Provisioning for BYOD enviornment ( BYOD Unsupported Devices )

This thread has been viewed 0 times

  • 1.  PSK Provisioning for BYOD enviornment ( BYOD Unsupported Devices )

    Posted Feb 07, 2014 01:49 AM

    We have an ongoing clearpass byod deployment, How do we handle the unsupported devices like a old nokia mobile which is running symbion etc. What are the options/ best methods ?

     

    I have seen provisioning a device with psk authentication in the clearpass demo( clearpass.arubademo.net) How do we implement that ?

     



  • 2.  RE: PSK Provisioning for BYOD enviornment ( BYOD Unsupported Devices )

    EMPLOYEE
    Posted Feb 07, 2014 03:01 AM

    The most common practice I have seen is that the company would have a separate SSID that has a PSK but also is MAC auth and profiler. That way if the key was broken you still are MAC auth the device along with profiler to make sure the device is what its saying. 

     

    I guess it all comes down to do you want some kind of encryption on the wireless connection...

     

    Again you are still stuck with a 3 SSIDs (Guest, BYOD, PSK) but it is a lot less than what some have out there. :)



  • 3.  RE: PSK Provisioning for BYOD enviornment ( BYOD Unsupported Devices )

    Posted Feb 07, 2014 04:53 AM

    Thanks Troy, Few more clarifications 

     

    How do we provision the PSK key to the client by using device provisioning,  The use case we are trying to know is below.

     

    an employee who has a old nokia phone connects to the BYOD ssid , He has the AD credentials , profiling will detect it as a smart device and forwards to the  device provisioning page where it comes out that it is not a supported device.

     

    Instead of that can we get him provisioned with a psk  ?  and alow him to get connected to the wifi, Instead of saying unsupported device can we foward him to a psk provisioning page..or some thing similar to that.

     

    I know nokia simbion device is not supported for byod , but can we provision him with a psk profile.

     

    Aji N C



  • 4.  RE: PSK Provisioning for BYOD enviornment ( BYOD Unsupported Devices )

    EMPLOYEE
    Posted Feb 08, 2014 02:21 AM
    @wifiabcd wrote:

    Thanks Troy, Few more clarifications 

     

    How do we provision the PSK key to the client by using device provisioning,  The use case we are trying to know is below.

     

    an employee who has a old nokia phone connects to the BYOD ssid , He has the AD credentials , profiling will detect it as a smart device and forwards to the  device provisioning page where it comes out that it is not a supported device.

     

    Instead of that can we get him provisioned with a psk  ?  and alow him to get connected to the wifi, Instead of saying unsupported device can we foward him to a psk provisioning page..or some thing similar to that.

     

    I know nokia simbion device is not supported for byod , but can we provision him with a psk profile.

     

    Aji N C

    If these devices are just Personal BYOD then my recomendation would be to just have them connect to the guest network and you could give them a different roll that would grant better bandwidth, maybe a longer caching time so they dont have to constantly put in their credientials. 

     

    Or what I would use is Quick Connect instead of OnBoarding. Quick connect is the same as onboarding except it will not provision a device cert. on the fly It will only set the wireless settings and push out the server certs to be trusted. You can set up profile to push down only a PSK SSID. 

     

    As of today we support

     

    Android

    MacOSX

    iOS

    Windows

     

    screenshot_14 Feb. 08 01.19.gif