Hello.
We are switching our wireless infrastructure to Aruba APs and their ClearPass access control.
What's the most secure way to get all of our iPads connected to our Wi-Fi network? We've been trying to do push out Wi-Fi settings using certificate authentication but have been unsuccessful.
Any ideas, suggestions or help would be greatly appreciated!
Thank you!
Using 802.1x is enough.
I also suggest you open a support case with both Meraki anda Aruba.
most people would use some kind of MDM for this kind of work, JAMF is well known for Apple devices, you can also consider exploring Meraki Systems Manager, you can use for free trial up to 100 devices. (not any more, thanks for correction @PhilipDAth )
typically what you would do is create a provisioning SSID which can be open or MAB, connect iPads to the network and provision devices for 802.1X with PEAP or EAP-TLS, if you don't want to get into hassle of certificate management you can use single cert for all (not recommended, but if you are short staffed) . once provisioned devices will disconnect from open and will connect to secure SSID, once all provisioning is done disable open SSID.
>you can use for free trial up to 100 devices.
Not any more. 😞
https://documentation.meraki.com/SM/Other_Topics/Meraki_SM_Legacy_and_Free_100_Retirement_FAQ
>We are switching our wireless infrastructure to Aruba APs and their ClearPass
This is a Cisco Meraki forum ... perhaps try an HPE forum?
The easiest way would be to use Meraki WiFi and Systems Manager and spend 15 seconds, yes, SECONDS deploying certs to all of your devices, utilising the built in PKI and RADIUS in Meraki Dashboard
But, as you're not doing that, so....
1. Create a new Setting (Systems Manager > Settings > Add profile)
2. Give is a name
3. Add a certificate payload: You'll have to reach out to ClearPaass to work out what type, either dynamic or static
4. Add a wifi payload to the same setting, and configure the various 802.1x options under Security > WPA2 Enterprise > Protocols / Authentication / Trust
5. Under Authentication > Identity Certificate, choose the SCEP / Cert payload you created earlier