Security

Reply
Frequent Contributor I

Restrict non-company issued smart devices

We use Clearpass (for RADIUS auth and Guest access) with Aruba controllers.  We use Airwatch to provision company-issued phones.  Is there anyway we can not allow "personal" devices on the network even if the person has domain creds?  We tested onboarding, however, that would require a separate SSID for laptops because the laptops connect (automatically) via machine/user auth and the computers are part of our domain.  Smart devices are not.

Guru Elite

Re: Restrict non-company issued smart devices

endpoint-corp.PNG


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Frequent Contributor I

Re: Restrict non-company issued smart devices

not sure I fully understand

Aruba Employee

Re: Restrict non-company issued smart devices

Did you add Airwatch to the list of External Context Servers in CPPM? There should be a tech note on MDM integration that can help you with this and/or check out the ClearPass Exchange Recipes.

 

Once you do this, the Ownership field will be updated in the endpoints repository for endpoints registered in Airwatch.

Thanks,

Zach Jennings
Frequent Contributor I

Re: Restrict non-company issued smart devices

no I havent added Airwatch to the list of context servers.

Guru Elite

Re: Restrict non-company issued smart devices

You'll need to setup the MDM integration before you can use the AirWatch
attributes.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: