Security

Reply
Occasional Contributor II

ClearPass MAB EAP-MD5 with MSSQL

Ciao,

Do you know if it's possible to autenticate mac-address using MSSQL when the switch uses EAP-MD5 as protocol?

Thanks

Guru Elite

Re: ClearPass MAB EAP-MD5 with MSSQL

Evaluate the MAC address during the authentication phase. For the authentication phase, do an Allow All MAC Auth.


Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: ClearPass MAB EAP-MD5 with MSSQL

Not the [EAP MD5] ???

 

Guru Elite

Re: ClearPass MAB EAP-MD5 with MSSQL

If the switch can only do EAP-MD5, you'll need to do this workaround.

 

  1. Extract and Import the attached static host list.
  2. Create a new Static Host List authentication source and select the SHL previously imported
  3. Use this as the auth source along with [EAP MD5] as the method
  4. Add the SQL auth source as an additional authorization source

 

Screen Shot 2018-04-26 at 11.37.38 AM.png

 


Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
SRM
Occasional Contributor I

s

 
Occasional Contributor II

Re: ClearPass MAB EAP-MD5 with MSSQL

Thanks Tim

However now I've this error regarding authorization. I attach the logs and SQL  cfg

Guru Elite

Re: ClearPass MAB EAP-MD5 with MSSQL

1) Your query for MAC address should be %{Connection:Client-Mac-Address} instead of username

2) Does the query work when you test in the attribute builder?


Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: