Security

Reply
Frequent Contributor II
Posts: 110
Registered: ‎12-07-2007

MAC authentication

I need a clarification for MAC authentication:  Is it possible for CPPM to know a device's OS when using MAC authentication?  There is no profiliing since there is no user authentication.  The controllers ID's the devices properly but I can't get CPPM to use that information for role assignments.

 

I'm working with TAC but I'm not sure I've explained it correctly to them.  I keep seeing ChromeOS in traces but they say they don't see it in the traces.  CPPM does not indicate in the 'input' tab anything to indicate the OS of the device when using MAC authentication.

MVP
Posts: 4,172
Registered: ‎07-20-2011

Re: MAC authentication

What you need to do is enabled to profile Endpoints:

 

2015-01-08 09_23_32-ClearPass Policy Manager - Aruba Networks.png

 

Then at end of your profile add that if is not profiled to dumb it in "PROFILING VLAN or ROLE"

2015-01-08 09_22_54-ClearPass Policy Manager - Aruba Networks.png

And then it will get CoA by the Profiler

2015-01-08 09_23_15-ClearPass Policy Manager - Aruba Networks.png

 

Make sure you enabled CoA on the controller

2015-01-08 09_26_36-Authentication Profiles.png

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Guru Elite
Posts: 8,182
Registered: ‎09-08-2010

Re: MAC authentication

You can set up a role map that uses the controller's profile. This can be beneficial if you don't want to wait for the device to profile and force them to reauth again.

 

chomeos-rolemap.PNG

 

 


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Search Airheads
Showing results for 
Search instead for 
Did you mean: