Security

Reply
Frequent Contributor I
Posts: 84
Registered: ‎09-08-2015

MAC authentication initial role

Just troubleshooting an issue where I'm unable to connect to a network that uses ClearPass to do basic MAC auth against the endpoints repository.

 

What should the 'initial role' be set to in the AAA policy? Should this allow DHCP etc so the client can associate properly?

Currently the initial role is 'denyall', which doesn't seem right?

Should it be possible to see user's that are in the denyall role with 'show user-table'?

Guru Elite
Posts: 8,634
Registered: ‎09-08-2010

Re: MAC authentication initial role

If using an external server, the initial role should be set for use with a deny.

For example, in a guest workflow, this may be the guest registration role.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 84
Registered: ‎09-08-2015

Re: MAC authentication initial role

Sure, but would you expect 'denyall' to be an appropriate initial role?

Search Airheads
Showing results for 
Search instead for 
Did you mean: