Security

Reply
Contributor I
Posts: 103
Registered: ‎12-26-2014

Clearpass MAC authentication and 802.1x Configuration?

Hi dears ,

 

I hvae only 1 SSID I want to configure MAC authentication for Specific devices and if MAC authentication fail I want this user to auuthenticate using 802.1x through AD username and password so I have configured the below:

 

 

Creat MAC Authentciation service and Creat statict host list and make MAC authetication service to be ordered #1 and Joined CP to Domain and use binding username and password and and create 802.1x Aruba wireless Service to and use authentication server AD so till now we didn't test so kindly confirm if there is something missing or something I should make sure of?

Guru Elite
Posts: 7,841
Registered: ‎09-08-2010

Re: Clearpass MAC authentication and 802.1x Configuration?

This is not possible on wireless with 802.1X. You can use MAC address as an authorization source after successful authentication.


Thanks,
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor I
Posts: 103
Registered: ‎12-26-2014

Re: Clearpass MAC authentication and 802.1x Configuration?

I thought that if f I used MAC Authentication service and used Static Host list as authentication source it will match only with MAC adrdress in this list and if it not exist it will check for next service which is 802.1x service so kindly update me what is the best alternative to do so?

Guru Elite
Posts: 7,841
Registered: ‎09-08-2010

Re: Clearpass MAC authentication and 802.1x Configuration?

User authenticaton has to pass then the static host list can be used for authorization.


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor I
Posts: 103
Registered: ‎12-26-2014

Re: Clearpass MAC authentication and 802.1x Configuration?

So kindly confirm if I created on AD an OU with all MAC address as username and password and create MAC authentication service and used this AD as authentication source will this work with MAC auth Method? and next service will be 802.1x as if user MAC address doesn't exist it will hit the next service which is 802.1x and use normal AD user name and password?

MVP
Posts: 1,392
Registered: ‎11-30-2011

Re: Clearpass MAC authentication and 802.1x Configuration?

i believe that the problem is that your wireless controller won't do either MAC auth or dot1x. with aruba  you can get it to do both. but then both have to succeed. if one fails then there no access. it doesn't work like one fails, fallback to the other.

Search Airheads
Showing results for 
Search instead for 
Did you mean: