Security

Reply
Contributor II

Clearpass 802.1X outer identity

Hi!

 

I´m wondering if there is a way to map RADIUS requests to a service looking at the suffix of the outer identity  of a user.

 

I´ve set up a lab where I use my inner identiy (EAP-PEAP or EAP-TTLS both are in the lab currently) myusername@companydomain.com . And I use a outer identity such as anonymous@example.com. 

 

What I want to achieve is mapping the request to the correct service depending on what outer identity suffix I use (or outer certificate). 

Is there a service rule I can use for this ? 

I´ve checked the access tracker and all I see there is my inner user-name. The outer never showes up.

 

Thanks!

Daniel F
ACMP | ACCP | HP ATP - FlexNetwork Solutions
Guru Elite

Re: Clearpass 802.1X outer identity

Authentication:Full-Username ENDS_WITH

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II

Re: Clearpass 802.1X outer identity

 

Hey that seems to be working!

 

I saw Authentication:Full-Username in access tracker but assumed that since it only shows my inner username I wouldn´t be able to use this property. But I guess its more a matter of what access tracker show you after the request has been proccessed. 

 

Thanks a bunch, been working on this for quite som time!

Daniel F
ACMP | ACCP | HP ATP - FlexNetwork Solutions
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: