But would that bypass the captive portal we currently have for Guests on that SSID, or would something like this require a totally separate SSID? We want to keep the captive portal on the SSID, but if the system sees a Mac address that is allowed connect to the SSID, the device bypasses that SSID and is placed in some role. The current setup is an Instant AP cluster that we manage in with a Template in Airwave.
Guests connecting to their SSID have rules in ClearPass that require ALL matched:
Radius:IETF____Calling-Station-Id____EXISTS
Connection____Client-Mac-Address_____NOT EQUALS____ %{Radius:IETF:User-Name}
Radius:Aruba___Aruba-Essid-Name____EQUALS____Guest
-Dave