Security

Reply
Super Contributor I

Clearpass Service selection issue

A while back I set up a service that does machine based authentication against our AD service. This was so that we could use dynamic vlans  on our switches to put a windoze device into one vlan when no-one is logged into it and into another based upon the user credentials via the login dialogue box. Part of the service selection was that the NAS-Port-Type was set to ethernet (15)

 

We then had a requirement for managed image laptops to perform machine based auth to get onto our wireless lan. As the only difference between an ethernet auth and a wireless auth is the value of the NAS-Port-Type attribute ( wireless 802.11=19) I modified my selection service to include NAS-Port-Type BELONGS_TO (Ethernet(15),Wireless 802.11(19))  See attached image

 

Machine Auth.png

 

The problem was that it didn't work for wireless. The wired machine auth still worked, but the wireless version skipped this service and was caught by my "deny all" service at the end of the list.

 

I then dupolicated the above service but replaced the NAS-Port-Type..... line with an NAS-Port-Type EQUALS Wireless-802.11(19) and a machine auth for wirless access worked.

 

So why did the shown config above not work?

 

Rgds

Alex

 

Guru Elite

Re: Clearpass Service selection issue

Use belongs to any.



Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: