Security

Reply
Occasional Contributor II
Posts: 56
Registered: ‎06-27-2016

how to Authenticate 802.1x enabled users using 802.1x service and MAC authentication

I have 802.1x enabled devices, which we need to authenticate using 802.1x and MAC authentication at same time.

So if the MAC address is unknown then put the client in Guest VLAN.

And if the MAC address is known, then continue with 802.1x user authentication and posture check.

 

Thanks

 

Regards

Mahmoud

Mahmoud
Guru Elite
Posts: 8,212
Registered: ‎09-08-2010

Re: how to Authenticate 802.1x enabled users using 802.1x service and MAC authentication

What is your authentication server?
How will you be maintaining a list of MAC addresses?

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 56
Registered: ‎06-27-2016

Re: how to Authenticate 802.1x enabled users using 802.1x service and MAC authentication

The authentication server is active directory.

For the MAC addresses, I will enter them manually to the CP endpoint repository.

 

Regards

Mahmoud

Mahmoud
Guru Elite
Posts: 8,212
Registered: ‎09-08-2010

Re: how to Authenticate 802.1x enabled users using 802.1x service and MAC authentication

So just create a basic 802.1X authentication service, enable authorization, select the Guest Device Repository as an authorization source, then just add in your rules for whether the MAC address is registered in the database.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 56
Registered: ‎06-27-2016

Re: how to Authenticate 802.1x enabled users using 802.1x service and MAC authentication

So I just have to edit the same 802.1x service and no need to create another service.

I will try this and update.

 

But what if we need to authenticate the non 802.1x enabled devices over MAC authentication, then I think I have to create another service for MAC authentication to match the non 802.1x devices, right?

Mahmoud
Search Airheads
Showing results for 
Search instead for 
Did you mean: