Wired 802.1X with CPPM & Google Apps

Hi All,

 

I've got an opportunity where a customer uses Google Apps exclusively. They have no local user repository.

 

They are looking to implement wired 802.1X with MAC fallback for devices which do not support wired 802.1X. Their switches support this.


They have a mixture of client device types: Windows, Linux, Macs.

 

Here's what I've read and been told:

 

  1. ClearPass OnBoard can probably work in this scenario if it were Wi-Fi. This isn't really workable anyway on Linux machines.
  2. ClearPass & Cloudessa together would support this. Or rather Cloudessa supports it and CPPM could be used as a RADIUS proxy. There are limitations to this though, one of which is devices will need to support EAP-TTLS.

Am I missing something? Is there another way to make this work?

 

Could we just present a captive portal to all clients then authenticate using CPPM Guest with Google Apps and MAC caching?

 

Keen to hear your thoughts.

 

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Guru Elite

Re: Wired 802.1X with CPPM

We generally recommend using G Suite pre-authentication with ClearPass Onboard for the most secure solution.

MAC caching could be used but generally isn't recommended for a primary authentication method.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: Wired 802.1X with CPPM


cappalli wrote:
We generally recommend using G Suite pre-authentication with ClearPass Onboard for the most secure solution.

MAC caching could be used but generally isn't recommended for a primary authentication method.

Hi Tim,

 

OnBoard isn't really a viable option due to the cumbersome Linux onboarding procedure. Also, as this is wired, would it work anyway?

 

I agree with the MAC caching comment. 

 

This doesn't leave many options.

 

 

 

Cheers
James

Guru Elite

Re: Wired 802.1X with CPPM

Yes, Onboard is supported for both wired and wireless.

 

Which Linux distros are in use? What percentage of the user population?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480