05-26-2017 08:19 AM
We've got a PSK SSID in use globally that's pretty well entrenched in our organization, and due to varying configurations it's turned into a very mixed-use network. What I'd like to do is steer mobile devices into a specific role/VLAN, while leaving our bridges and other headless devices in the authenticated role. I've tried user derivation rules with DHCP thumbprints to do this but the results have been very poor (sub-10% hit rate). Rather than tearing it out and reconfiguring thousands of devices, I'd like to leverage the CPPM Endpoint Repository so that if the device name was, for example, iPhone it would hand the appropriate Aruba-User-Role back to the controller.
Is this possible? I've stepped through a few different configurations that I thought might work but I'm not even seeing requests in Access Tracker.
05-26-2017 08:28 AM
It’s also recommended to use the Device Registration portal in ClearPass to register those headless devices and assign a role and owner.
Be sure to enable MAC Authentication in your AAA profile on the controller.
| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |