Security

Reply
Occasional Contributor I
Posts: 7
Registered: ‎01-19-2010

MAC authentication in clearpass

I am trying to configure clearpass, for mac authentication for guest access, but have having trouble triggering the "guest mac authentication service.

 

I used the "guest mac authentication"  template to create the service "mac authentication" and "guest access with mac caching"

 

The "guest access with mac caching service is matched in the access tracker, authenticates me against the "guest user repository"  updates the endpoint to known etc, and sends the correct role to the controller in order to allow me to access the guest services/internet etc.

 

I have followed various implementation guides and other posts on here but I cannot get the "mac authentication service to trigger"

 

Not even to deny a host that has never connected. 

 

The mac authentication is set as shown below:

 

Service tab

 

type mac authentication

Service rule: match all

 

type: connection                 name: client-mac-address      operator: EQUALS               Value: %{radius:IETF:User-name}

type: RadiusAruba             name:Aruba-Essid-Name       operator: EQUALS               Value:  Lab_GUEST

 

 

Authentication

 

Methods = [MAC AUTH]

Authentication sources [Endpoints repository] [local SQL DB]

 

Authorisation

Authorisation source [insight repository] [local SQL Db]

 

I have seen in other posts that not having "Insight enabled" can cause problems but this is enabled, Checks after I have authenticated show that my device is changed to a known device etc, but I still don't get hits on the access tracker for my "mac auth service"

 

Any ideas or suggestions would be greatly appreciated.

 

 

Guru Elite
Posts: 8,643
Registered: ‎09-08-2010

Re: MAC authentication in clearpass

Do you have MAC authentication enabled for the SSID in your controller?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I
Posts: 7
Registered: ‎01-19-2010

Re: MAC authentication in clearpass

Hi Cappalli

 

First, thanks for the quick reply,

 

Good call, I had set up a mac authentication aaa profile to clearpass etc, but selected the wrong one under the ssid.

 

Now that this has been corrected i am seeing the correct authentication attempts hit clearpass

 

Thanks again

Search Airheads
Showing results for 
Search instead for 
Did you mean: