Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Wired non-domain machine access

This thread has been viewed 2 times

  • 1.  Wired non-domain machine access

    Posted May 03, 2019 12:55 PM

    I am considering different options for allowing non-domain wired machines on the network. 

    1. CIsco switches access port will be configured with dot1x and mab in that order.

    2. Employee bringing their personal laptop will not likely have dot1x supplicant and I want to redirect them to the Guest portal. We are using Cisco Switches. I am also looking for a smaple implementation. 

    3. Guest brining their laptop will also be redirected to guest portal after failing dot1x. 

     

    In this scenario both employee and guest will have same access. It is not an ideal solution. I need ot address the employee laptop onboarding issue. Should I create a new portal and allow employee to onboard using that portal with AD authentication? I have not done it before s if there si any sample config/document it would help. 

     

    Is there any other consideration? 

     



  • 2.  RE: Wired non-domain machine access

    EMPLOYEE
    Posted May 03, 2019 01:06 PM

    Hello Faadi,

     

    These two links should be able to help you:

     

    https://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-to-Enable-Dot1x-authentication-for-wired-clients-in-Cisco/ta-p/187704

     

    https://community.arubanetworks.com/t5/Security/Guidance-with-MAB-and-ClearPass-Captive-Portal-for-Wired/td-p/416047

     

    You could find more documents in the comments section of the second link.

     

    hope this helps..