08-06-2013 06:21 AM
before i start building it id check if someone knows this for sure. the problem with MAC authentication is MAC spoofing. does the Endpoint database help here? i mean what happens when i login with a two devices with the same MAC but with clearly different OSes (Linux / Win / Mac) do two different end points end up in the database, or does one overwrite the other?
Solved! Go to Solution.
08-06-2013 06:42 AM
Yes!!! We create a conflict condition if say a HP Printer (originally profiled) starts showing up as a Debian Linux device. We can catch this and flag it as a "conflict" and based on that state you can trigger a deny or CoA termination to the network.
Consulting Systems Engineer - ACCX, ACDX, ACMX
If you found my post helpful, please give kudos
02-26-2014 12:04 PM
hadnt even noticed, been working on getting mac spoof detection working for months now, no luck. personally im starting to feel it doesnt work (anymore) and there doesnt appear to be any interest in getting it to work.
of course it is nothing more then a nice gimmick, even if the functionality would work in clearpass there are too many ways to bypass it.
09-15-2014 11:10 AM
--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.
--Problem Solved? Click "Accepted Solution" in a post.