Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Authentication of mobile devices based on ClearPass Endpoint Database

This thread has been viewed 10 times

  • 1.  Authentication of mobile devices based on ClearPass Endpoint Database

    Posted Mar 04, 2015 10:44 AM

    Hello,

     

    I recently configured a Endpoint Context Server in ClearPass to fetch data from a MobileIron MDM appliance.

     

    On ClearPass I can now see the mobile devices which are configured in MobileIron with all the available attributes.

     

    I would like to use two of the attributes in ClearPass to authenticate our company-owned devices on the wifi network.

    • Endpoint: MDM Enabled EQUALS true
    • Endpoint: Ownership EQUALS Corporate

     

    I have configured ClearPass to use these attributes but when I connect to the SSID I still get prompted for username and password. However, I want no user interaction at all. The devices should be able to connect to the WiFi network without prompting the user.

     

    My question is how my AAA profile on the controller should look like and which authentication method I should use on ClearPass?

     

    Thanks for your help!

     

    cheers,

    Harald



  • 2.  RE: Authentication of mobile devices based on ClearPass Endpoint Database

    EMPLOYEE
    Posted Mar 04, 2015 10:46 AM
    If you want to use a secure authentication method, there will always need to be some initial user interaction on the device.

    If you don't want any security, you can use an open network with MAC-caching.

    What are the security requirements for your organization / deployment?


    Thanks,
    Tim


  • 3.  RE: Authentication of mobile devices based on ClearPass Endpoint Database

    Posted Mar 05, 2015 05:12 AM

    Tim,

     

    thanks for your help! Of course, you are correct. Its been a while since I dug around the various authentication methods.

     

    I think at the end of the day we will use certificates on the mobile devices and EAP-TLS.

     

    cheers,

    Harald



  • 4.  RE: Authentication of mobile devices based on ClearPass Endpoint Database

    Posted Dec 15, 2022 04:11 AM
    same circumstance Who can assist us?

    EAP-TLS for mobile
    Original Message


  • 5.  RE: Authentication of mobile devices based on ClearPass Endpoint Database

    EMPLOYEE
    Posted Dec 15, 2022 04:50 AM
    Please work with your Aruba partner. If you see a username prompt on a mobile device, it probably does not have a proper client certificate, or the device has not been configured correctly. EAP-TLS for Mobile can mean a lot, and different mobile devices need different configuration.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message