Occasional Contributor II
Posts: 18
Registered: ‎04-27-2016

Create Enforcement Policy/Role Mapping for Non Domain Computers using MAB

Greetings. Looking for help with creating an Enforcement Policy/Role Mapping for computers that are not members of the AD domain. The authentication method is MAB. The policy should either move to a VLAN or shut down the port.

Guru Elite
Posts: 8,323
Registered: ‎09-08-2010

Re: Create Enforcement Policy/Role Mapping for Non Domain Computers using MAB

If you're doing MAB, how are you detecting domain membership? 

802.1X should be used. 

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Occasional Contributor II
Posts: 18
Registered: ‎04-27-2016

Re: Create Enforcement Policy/Role Mapping for Non Domain Computers using MAB

Is there a way to do this using only MAB?

Guru Elite
Posts: 8,323
Registered: ‎09-08-2010

Re: Create Enforcement Policy/Role Mapping for Non Domain Computers using MAB

You would have to maintain MAC address lists which can be time intensive and is not very secure. 

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Occasional Contributor II
Posts: 18
Registered: ‎04-27-2016

Re: Create Enforcement Policy/Role Mapping for Non Domain Computers using MAB

Ok, how can this be done? 

Guru Elite
Posts: 8,323
Registered: ‎09-08-2010

Re: Create Enforcement Policy/Role Mapping for Non Domain Computers using MAB

The best way would be to add the devices to the guest device repository with a custom role and then reference that role in your MAC-auth service. 

802.1X is highly recommended instead.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Occasional Contributor II
Posts: 18
Registered: ‎04-27-2016

Re: Create Enforcement Policy/Role Mapping for Non Domain Computers using MAB

Thanks! Will give it a try.
