Wireless Access

 View Only

  • 1.  Combining two SSID's using OnBoarding

    Posted Jun 13, 2023 09:37 AM

    Hello,

    We want to combine two SSID's together. We currently have two SSID's, one for BYOD devices and one for domain devices. We want to combine these two in one single SSID by using OnBoarding for the BYOD's. We want to use a second 'guest' SSID to start the OnBoarding method for the BYOD's but we are not sure how secure this is. We need to allow HTTPS traffic to the Clearpass Policy Manager in order to allow users from the guest SSID to start the OnBoarding proces by putting in their credentials. How secure is allowing traffic to the Clearpass server from this SSID (The guest SSID is an open SSID)? And what traffic needs to be allowed?

    Jer



  • 2.  RE: Combining two SSID's using OnBoarding

    Posted Jun 13, 2023 09:48 AM

    "We need to allow HTTPS traffic to the Clearpass Policy Manager in order to allow users from the guest SSID to start the OnBoarding proces by putting in their credentials."

    To start the OnBoarding proces, we want to put the link to the login page at the bottom in the guestlogin page. This is also done in a video on the Airheads broadcasting youtube channel. How secure is this method? Because by giving permission to access the loginpage, we also give them access to the loginpage from the CPPM. And we think that this is a bit insecure. Can someone explain if this is insecure and how to fix this?


    Original Message


  • 3.  RE: Combining two SSID's using OnBoarding

    Posted Jun 28, 2023 10:39 AM

    You can (should) lock down policy manager access under Server Manager - Network - Application Access Control. Make sure the guest network cannot access policiy manager, or even better add only your management networks that should have access (and deny everything else):



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message


Related Content