Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass 802.1X outer identity

This thread has been viewed 10 times

  • 1.  Clearpass 802.1X outer identity

    Posted Sep 18, 2017 09:15 AM

    Hi!

     

    I´m wondering if there is a way to map RADIUS requests to a service looking at the suffix of the outer identity  of a user.

     

    I´ve set up a lab where I use my inner identiy (EAP-PEAP or EAP-TTLS both are in the lab currently) myusername@companydomain.com . And I use a outer identity such as anonymous@example.com

     

    What I want to achieve is mapping the request to the correct service depending on what outer identity suffix I use (or outer certificate). 

    Is there a service rule I can use for this ? 

    I´ve checked the access tracker and all I see there is my inner user-name. The outer never showes up.

     

    Thanks!



  • 2.  RE: Clearpass 802.1X outer identity
    Best Answer

    EMPLOYEE
    Posted Sep 18, 2017 09:49 AM
    Authentication:Full-Username ENDS_WITH


  • 3.  RE: Clearpass 802.1X outer identity

    Posted Sep 18, 2017 10:08 AM

     

    Hey that seems to be working!

     

    I saw Authentication:Full-Username in access tracker but assumed that since it only shows my inner username I wouldn´t be able to use this property. But I guess its more a matter of what access tracker show you after the request has been proccessed. 

     

    Thanks a bunch, been working on this for quite som time!