Security

dmendez7 · ‎01-17-2018

Hi community.

I'm triyng to authenticate devices using Clearpass MAC Authentication, I have created a static host list containing each mac address and assigned it as Authentication source.

Here you can see some screenshots:

On the other side(7210 controller) I have configured an open SSID with mac authentication enabled. The thing is that I'm not sure which role select on the Access options:

I have tried with several roles but every device that connects to the ssid can connect without problem.

But the Access Tracker shows this:

I'm new on clearpass and mac auth so I ask you for help if I'm missing something else.

Thank you in advance!

cappalli · ‎01-17-2018

What does the alerts tab show for the rejected request?

Also, why are you using static host lists instead of device registration?

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

dmendez7 · ‎01-18-2018

Hi Tim,

This is what I got:

And the alerts:

Even with those alerts and Reject Actions the devices steel connects without problem.

mharing · ‎02-12-2018

Your better off using the Guest Device Repository as Tim mentioned. I just went through this same process. Guest Device Repository gives you much more to work with including names, descriptions, and any other custom field you can think of. Plus you can setup Guest Login with custom Admin Privileges to only add/manage/remove devices.

Your service would then look like:

Authenticaiton method: MAC AUTH

Authentication source: Guest Device Repository

Role Mapping - If Authentication Source = Guest Device Repository (or you can use a custom attribute to reference) Assign your Role.

Enforcement - TIPS Role EQUALS Your Role = Enforcement Profile (same as now)

Michael Haring
If my answer is helpful, a Kudos is always appreciated!

Be in the know.

Join, Learn, Share.

How can we help?

Essential Reading.

Security

MAC Authentication isn't working properly.

MAC Authentication isn't working properly.

Re: MAC Authentication isn't working properly.

Re: MAC Authentication isn't working properly.

Re: MAC Authentication isn't working properly.

Re: MAC Authentication isn't working properly.

Re: MAC Authentication isn't working properly.

Re: MAC Authentication isn't working properly.

Amigopod Operator Login assignment using VSAs?

Clearpass evaluation

Bonjour (AirPlay) by device location with CP

Backup CPPM

Can't see IOS Onboard device

Amigopod Operator Login assignment using VSAs?

Re: Server Rules and logical expressions

Re: Using Clearpass with EOL hardware.

Re: Restricting who can onboard a device in ClearPass

Re: ClearPass Policy Manager 5.0.1.38855 upgrade to 5.1.1

Deploying BYOD: Onboarding, Provisioning, Policy, Reporting

WLAN Security Fundamentals

[AirheadsConf LV 2013 Breakout] Networks - Mobility Access Switch Security Architecture

[VIDEO] Captive Portal Authentication with Aruba Instant and ClearPass

[VIDEO] 802.1X Authentication with Aruba Instant and ClearPass

Aruba Instant 6.4.2.6-4.1.1.11 Released 11/27/2015

Aruba Instant 6.4.2.6-4.1.1.10 Released 9/28/15

Remote AP Networks

Aruba Remote Access Point (RAP) Networks Validated Reference Design

Apple Captive Network Assistant Bypass with ClearPass Guest

Lync Over Aruba WiFi

AOS and CPPM – Dot1x Authentication and integration

Security

MAC Authentication isn't working properly.

MAC Authentication isn't working properly.

Re: MAC Authentication isn't working properly.

Re: MAC Authentication isn't working properly.

Re: MAC Authentication isn't working properly.

Re: MAC Authentication isn't working properly.

Re: MAC Authentication isn't working properly.

Re: MAC Authentication isn't working properly.

Follow Us