Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Possible to connect ipads to dot1x network without onboarding?

This thread has been viewed 0 times

  • 1.  Possible to connect ipads to dot1x network without onboarding?

    Posted Jun 01, 2016 08:16 AM

    We have found onboarding to be great for byod, but throws up a few challenges with regards to coporate issued ipads.  Ive been asked if theres a why to mass connect IOS devices to the corp dot1x wifi, without the onboarding process?  

     

    We ant to treat corp issued ipads different to byod, and want to be able to connect lots of them without having to individually onboard them.. is this possible with/without CP?  I know it sort of defeatd the point of having CP, but ive been asked!

     

     



  • 2.  RE: Possible to connect ipads to dot1x network without onboarding?

    EMPLOYEE
    Posted Jun 01, 2016 08:20 AM
    You could use EAP-PEAP (username/password) or if you're managing them via
    MDM, the MDM can issue certs on behalf of ClearPass.


  • 3.  RE: Possible to connect ipads to dot1x network without onboarding?

    Posted Jun 02, 2016 02:41 PM

    You could go with EAP-PEAP as outer method and MSCHAP-V2 as a inner method. 



  • 4.  RE: Possible to connect ipads to dot1x network without onboarding?

    Posted Jun 06, 2016 03:44 PM

    We did this for awhile but switched to onboarding and certificates.  If you go the methods above and have the users authenticate to an AD server be aware when their passwords expire the user will likely forget to update the password on these devices and the AD account will get locked.

     

    What are the challenges with the corporate devices?  Maybe someone has some solutions for you.