Security

Reply
MVP
Posts: 286
Registered: ‎11-04-2008

ClearPass Open Guest

I have two areas to provide guest access:

 

In one area, guest is total lock down, only register devices allow guest access.  This is simple, I use [Mac Auth] as authentication methods and authentication sources are Endpoints Repository, and static host list where I can control the allowing hosts

 

In the other area, guest is open.  In this case I use condition [Radius:Aruba:Aruba-AP-Group  EQUALS  STADIUM] where STADIUM is the ap-group to allow open guest.

I use default “Deny Access Role”, so any host does not meet the two conditions above will get deny

 

It all works well except one thing: in Access Tracker only guest allows in Endpoints Repository appears with ACCEPT status.  Guest in ap-group STADIUM is working but shows REJECT status, and of course deny guest also shows REJECT.  The REJECT guest in STADIUM confuses Help Desk support.

 

Question: host in STADIUM gets REJECT because no matching Authentication Methods.  Does CPPM have Authentication Methods work with [Radius: Aruba: Aruba-AP-Group]?

My CPPM is 6.4.1

Capture.JPG

 

Best Regards,

~Trinh Nguyen~
Boys Town
Guru Elite
Posts: 8,027
Registered: ‎09-08-2010

Re: ClearPass Open Guest

Use the Allow All MAC-Auth method

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
MVP
Posts: 286
Registered: ‎11-04-2008

Re: ClearPass Open Guest

 

Wow, that's simple.  Thank you Tim!!! 

~Trinh Nguyen~
Boys Town
Search Airheads
Showing results for 
Search instead for 
Did you mean: