Security

Hi, Can ClearPass use more than 1 active directory (different domain) for different user group 8021.x authentication?  If yes, it is possible for this different  domain users to connect to same SSID? Please advise, thanks in advance.

Yes

Thanks for your reply. Can you advise how to create service on clearpass if this 2 domain users connect to same SSID? create one service with 2 authentication sources?  In such case, Clearpass still need to integrat with 1 AD domain, right? 

Yes, add a second auth source. If you’re using legacy EAP methods like PEAP, you’ll need to join ClearPass to both domains.

If join both domains, then also need to install 2 radius server certificates on clearpass, right? 

No. The authentication source has nothing to do with the EAP server certificate.

But if don't install private radius certificates which generated on both AD, then Clearpass cannot trust the AD source and will give error. I tried one AD integration with Clearpass before, have to installed the certificate. Please advise whether I am right. Thanks.

If you want to use multiple EAP server certificates, users need to authenticate with their fully qualified username and you would use two different services.

If not, you’ll have to choose one of the certs and configure the other clients to trust it.

If this 2 domain users connect to same SSID, how to use 2 services to filter the users? 

 

If not use EAP certificate, you mean just install first AD radius certificate on Clearpss, and configure Clearpass to trust second AD? how to configure Clearpass to trust AD without installing radius certificate? 

 

 

You should work with your ClearPass partner.

Sorry, currently no clearpass partner, can you help answer how to filter different domain users if they connecting to same SSID? Urgent! thanks a lot. 

Authentication:Full-Username ENDS_WITH @domain.xyz

thanks a lot for your kind reply. Have a good day!