Occasional Contributor II

MAC Authentication isn't working properly.

Hi community.

 

I'm trying to authenticate devices using ClearPass MAC Authentication. I have created a static host list containing each MAC address and assigned it as the Authentication source.

 

Here you can see some screenshots:

 

MACAUTH0.PNG

MACAUTH1.PNG

MACAUTH2.PNG

On the other side (7210 controller) I have configured an open SSID with MAC authentication enabled. The thing is that I'm not sure which role to select in the Access options:

 

MACAUTH3.PNG

I have tried several roles, but every device that connects to the SSID can connect without a problem.

 

But the Access Tracker shows this:

MACAUTH4.PNG

I'm new to ClearPass and MAC auth, so I ask you for help if I'm missing something else.

 

Thank you in advance!

Guru Elite

Re: MAC Authentication isn't working properly.

What does the alerts tab show for the rejected request?

Also, why are you using static host lists instead of device registration?

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: MAC Authentication isn't working properly.

Hi Tim,

 

This is what I got:

MACAUTH5.PNG

And the alerts:

 

MACAUTH6.PNG

Even with those alerts and Reject Actions, the devices still connect without a problem.

Re: MAC Authentication isn't working properly.

You're better off using the Guest Device Repository as Tim mentioned. I just went through this same process. Guest Device Repository gives you much more to work with, including names, descriptions, and any other custom field you can think of. Plus you can set up Guest Login with custom Admin Privileges to only add/manage/remove devices.

 

Your service would then look like:

Authentication method: MAC AUTH

Authentication source: Guest Device Repository

Role Mapping - If Authentication Source = Guest Device Repository (or you can use a custom attribute to reference), assign your Role.

Enforcement - TIPS Role EQUALS Your Role = Enforcement Profile (same as now)


Michael Haring
ACMP, ACCP, BCNE, CCENT, Palo Alto ACE 7.0