Security

Reply
Contributor II

Block MAC address regardless of service?

Hello,

 

We have less than 10 PCI devices we need to block from Wireless. I want to create a rule in Clearpass that will not provide them access to Wi-Fi. Do i have to create an enforcment profile Rule for the 802.1x and the mac auth service? or there is an area in clearpass that will allow me to block the mac address regardless of the service?

 

Thank you

Nils 

Contributor II

Re: Clearpass

I spoke with TAC, the best way to blacklist mac addresses from the wireless is to create a new service that reference a static host list. The enforcement profile will push a deny profile when the request is coming from the static host list regardless of the SSID. 

Guru Elite

Re: Clearpass

What about if the user changes their MAC address?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II

Re: Clearpass

I have not seen the devices yet, but the company explained me the handhelds are owned by the company and do not have a screen for users to change the settings. There must be a way to console to it and spoof the mac address, however I am assuming the device is password protected too. 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: