Security

How to uset Static Host list as Authentication server and if it is no possible ,how to use Clearpass as Authentication server for specific service?

It can be used as an authentication source for a MAC-auth service or an
authorization source for an 802.1X service.


What exactly are you trying to do?

Use it in MAC service but I cant foind it in list where I add authentication source

Add a new authentication source of type Static Host List.

Tim,

 

Can I build an Enforcement Policy rule logic (where I just enforce the [Allow Access Profile] as an action) on an 802.1x service, where I want,

Condition 1: User exists in AD (that part is basic enough)

Condition 2: Endpoint identifier sits in Static-Host-List (which i've already setup as an Authentication Source.. but with the host-list defined as an 'Authentication Source'.. I can't go into 'General' tab and tick the checkbox for 'Use for Authorization'... it is greyed out.. implying it's not eligible to be used as an Authorization Source... any reason why ?)

 

With the lack of the Authentication Source of the Static-Host-List setup for Authorization also ... it means when I'm building my enforcement policy I can't auto-resolve the Static-Host-List as an 'Authorization Source'.. only the Microsoft AD one is showing..

 

 

So.. I just want a logic AND, where user is in AD as well as endpoint identifier they are passing is in Static-Host-List.

Unless... I just do it like this ?

https://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/clearpass-mac-auth-matching-static-host-list/td-p/171882.

But then, I need a separate service as it's 'MAC Auth' as a service that will trigger it.

 

Thoughts ?

Just use Connection:Client-Mac-Address BELONGS_TO_GROUP <SHL-NAME></SHL-NAME>

To use it as an authN source..... after you've created the static list.... go create a new auth-source type=static host list and on the second tab select your newly created static-host-list....

 

HTH