In doing my research, it seems the Instant (non-On) APs like the 505 allow me to do MAC authentication where I can just add the MAC address of clients to the internal user database of the AP and it will only allow clients with those MAC addresses to connect to the SSID. Seems there is no need for any external RADIUS server or anything like that.
This feature is attractive to me because I have a small branch office (only 5 or so devices) where I would like to enable this so that even if the wifi password leaks, employees won't be able to attach their personal phone to the corporate SSID :)
Now, because it is such a small office, I was looking at the Instant "On" version of the APs like the AP22.
Does anyone know if this feature is also available in the Instant On series? Or if there is any other way to whitelist clients without the need for any other external supporting infrastructure?
The requested feature is not supported on Aruba Instant On currently. At present, Aruba Instant On supports RADIUS for any wireless client authentication. https://www.arubainstanton.com/files/Aruba_Instant_On_Deployment_Guide.pdf