Security

Reply
Occasional Contributor II
Posts: 17
Registered: ‎12-24-2012

MAC spoofing and clear pass mac authentication

Hi team 

 

I have a concern regarding mac authentication done from the clearpass.

We are having a BYOD ssid with captive portal authentication . Users have to enter the AD credential to get internet access . 

We have mac caching service in clearpass so that the users are not directed to captive portal frequently.

As per the configuration of the services , when a user 1st time connects it will get a captive portal page . After providing AD credentials user will get authenticate and updated in the endpoint repository . 

Next day when the user comes back, the device will perform the mac auth and will be allowed access.

In the mac auth service we are checking the authorization time source   mac-auth expiry less then the current time .

 

 Now Here 

Any one can spoof the mac of the user device and can gain access . 

Is there any way to stop this ? 

Regards
Khalid Shaikh
Nesma Telecom and Technology
ACMA ACMP ACCP CCIE R&S
Guru Elite
Posts: 7,842
Registered: ‎09-08-2010

Re: MAC spoofing and clear pass mac authentication

You can leverage the conflict attribute which will be tripped if the device category changes. 

Sent from Nine

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Aruba
Posts: 1,520
Registered: ‎06-12-2012

Re: MAC spoofing and clear pass mac authentication

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Device-conflict/td-p/201891

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Occasional Contributor II
Posts: 17
Registered: ‎12-24-2012

Re: MAC spoofing and clear pass mac authentication

HI 

 

Thank you for the solution .. Thats great . If a device profile conflicts occurs i can assign deny access or a role to give a cp page . 

 

Still one confusion here . What if the mac spoofed is of same device . Like i have a smart phone and i spoofed the mac from the smart phone . The catagory ,family will be the same and will be allowed to access  .. even if spoofing .

 

Thanks 

Khalid Shaikh 

 

 

Regards
Khalid Shaikh
Nesma Telecom and Technology
ACMA ACMP ACCP CCIE R&S
Occasional Contributor II
Posts: 17
Registered: ‎12-24-2012

Re: MAC spoofing and clear pass mac authentication

HI 

 

Thank you for the solution .. Thats great . If a device profile conflicts occurs i can assign deny access or a role to give a cp page . 

 

Still one confusion here . What if the mac spoofed is of same device . Like i have a smart phone and i spoofed the mac from the smart phone . The catagory ,family will be the same and will be allowed to access  .. even if spoofing .

 

 

 

Regards
Khalid Shaikh
Nesma Telecom and Technology
ACMA ACMP ACCP CCIE R&S
MVP
Posts: 1,392
Registered: ‎11-30-2011

Re: MAC spoofing and clear pass mac authentication

that is unfortunately the case and simply can't be fully stopped. using MAC addresses opens the chance of MAC spoofing. the question is how many people will actually go through the process to do this (it does require a certain amount of skill and isn't that straight forward on several classes of devices) and what do they accomplish then.

Search Airheads
Showing results for 
Search instead for 
Did you mean: