- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
01-17-2018 02:13 PM
Hi community.
I'm triyng to authenticate devices using Clearpass MAC Authentication, I have created a static host list containing each mac address and assigned it as Authentication source.
Here you can see some screenshots:
On the other side(7210 controller) I have configured an open SSID with mac authentication enabled. The thing is that I'm not sure which role select on the Access options:
I have tried with several roles but every device that connects to the ssid can connect without problem.
But the Access Tracker shows this:
I'm new on clearpass and mac auth so I ask you for help if I'm missing something else.
Thank you in advance!
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: MAC Authentication isn't working properly.
Re: MAC Authentication isn't working properly.
01-17-2018 03:46 PM
Also, why are you using static host lists instead of device registration?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: MAC Authentication isn't working properly.
Re: MAC Authentication isn't working properly.
01-18-2018 12:29 PM - edited 01-18-2018 12:32 PM
Hi Tim,
This is what I got:
And the alerts:
Even with those alerts and Reject Actions the devices steel connects without problem.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
02-12-2018 01:19 PM - edited 02-12-2018 01:20 PM
Your better off using the Guest Device Repository as Tim mentioned. I just went through this same process. Guest Device Repository gives you much more to work with including names, descriptions, and any other custom field you can think of. Plus you can setup Guest Login with custom Admin Privileges to only add/manage/remove devices.
Your service would then look like:
Authenticaiton method: MAC AUTH
Authentication source: Guest Device Repository
Role Mapping - If Authentication Source = Guest Device Repository (or you can use a custom attribute to reference) Assign your Role.
Enforcement - TIPS Role EQUALS Your Role = Enforcement Profile (same as now)
Michael Haring
ACMP, ACCP, BCNE, CCENT, Palo Alto ACE 7.0
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator