New Contributor

Apply ClearPass Service Based on Authentication Method

I am currently running a ClearPass virtual appliance (6.6.8) and would like to enforce what Service is applied based on authentication method.

I have a single SSID and would like two services as outlined:

Service 1 would be applied to any device attempting to authenticate with EAP-PEAP or EAP-MSCHAPv2 and would apply enforcement policies if the computer is domain joined and the user is a member of a certain AD group.

Service 2 would be applied to any device attempting to authenticate with EAP-TLS or EAP-TTLS using an Onboard certificate and again would apply enforcement policies relating to the user.

When I try to add a service rule that says "Authentication InnerMethod Belongs to EAP-MSCHAPv2 or EAP-PEAP" the policy doesn't apply even though I know that the device is using one of these methods.

Any help would be appreciated.

Guru Elite

Re: Apply ClearPass Service Based on Authentication Method

Not possible. The EAP methods are negotiated after service categorization. It's not a ClearPass limitation, it's how the protocols work.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
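
Added example (not part of the original posts and not ClearPass code): a minimal EAP header parser run over a constructed exchange, showing that the first RADIUS Access-Request carries only EAP-Response/Identity and that a method type first appears in the server's later EAP-Request. It assumes service categorization is evaluated on that first request; the `eap` helper, the identity string and the packet bytes are constructed for illustration.

```python
import struct

# EAP codes and a few method types from RFC 3748 and the IANA EAP registry.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 13: "EAP-TLS",
             21: "EAP-TTLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}
NON_METHOD_TYPES = {1, 2, 3}  # these types do not identify an auth method

def parse_eap(packet: bytes) -> dict:
    """Parse one EAP packet (the reassembled RADIUS EAP-Message payload)."""
    if len(packet) < 4:
        raise ValueError("EAP packet shorter than the 4-byte header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("EAP length field does not match the data")
    info = {"code": EAP_CODES.get(code, f"unknown({code})"), "id": ident,
            "type": None, "type_num": None, "data": b""}
    if code in (1, 2) and length >= 5:  # only Request/Response carry a Type
        t = packet[4]
        info.update(type=EAP_TYPES.get(t, f"type-{t}"), type_num=t,
                    data=packet[5:length])
    return info

def first_method_index(packets):
    """Index of the first packet that names an auth method, or None."""
    for i, raw in enumerate(packets):
        p = parse_eap(raw)
        if p["type_num"] is not None and p["type_num"] not in NON_METHOD_TYPES:
            return i
    return None

def eap(code, ident, type_num, data=b""):
    """Build a constructed EAP Request/Response for the sample exchange."""
    return struct.pack("!BBHB", code, ident, 5 + len(data), type_num) + data

# Constructed exchange, in the order the RADIUS server sees or sends it.
EXCHANGE = [
    eap(2, 1, 1, b"user@example.com"),  # first Access-Request: Response/Identity
    eap(1, 2, 13, b"\x20"),             # Access-Challenge: server proposes EAP-TLS
    eap(2, 2, 3, b"\x19"),              # client Nak, asks for type 25 (PEAP)
    eap(1, 3, 25, b"\x20"),             # Access-Challenge: server starts PEAP
]

if __name__ == "__main__":
    for raw in EXCHANGE:
        p = parse_eap(raw)
        print(p["code"], p["type"], p["data"])
```

The inner method (such as EAP-MSCHAPv2 inside PEAP) is negotiated later still, inside the TLS tunnel, so it never appears in these outer headers.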