Dell PowerConnect W Clearpass 100 Software Auto Create MAC Auth Account (Authe - Page 19



Amigopod | Technical Note Auto Create MAC Account | 19

3 Summary
In review, this solution provides businesses with a zero-touch method of registering web-enabled devices for transparent authentication moving forward. Once the device is first authenticated via the Captive Portal process, all subsequent authentications are transparent via the background RADIUS MAC Authentication.

The registration process is protected from open access by enforcing an authorization step where valid credentials must be provided during the initial Captive Portal authentication phase. These credentials can be either a simple Guest Account created by a sponsor within the business or, potentially, a corporate account checked through Active Directory integration in the authentication process, which verifies the existence of the AD account before permitting the registration of the device. An extension to this design would be to leverage AD Group Membership to determine whether particular users are able to register their devices for transparent access moving forward.

Although MAC-based authentication is certainly not considered a robust security solution, this proposed design does provide a stepping stone towards a more sophisticated Bring Your Own Device management solution such as Aruba's MDAC strategy.

The Appendix provides an optional advanced extension to this solution in which browser detection on the Amigopod can be leveraged to prevent employees from registering their regular laptop devices, making the MAC registration process available only for smartphones and mobile tablets.