Tim,
Can I build an Enforcement Policy rule logic (where I just enforce the [Allow Access Profile] as an action) on an 802.1x service, where I want:
Condition 1: User exists in AD (that part is basic enough)
Condition 2: Endpoint identifier sits in Static-Host-List (which I've already set up as an Authentication Source... but with the host-list defined as an 'Authentication Source', I can't go into the 'General' tab and tick the checkbox for 'Use for Authorization'. It is greyed out, implying it's not eligible to be used as an Authorization Source. Any reason why?)
With the Static-Host-List Authentication Source not also set up for Authorization, it means that when I'm building my enforcement policy I can't auto-resolve the Static-Host-List as an 'Authorization Source'; only the Microsoft AD one is showing.
So, I just want a logical AND, where the user is in AD and the endpoint identifier they are passing is in the Static-Host-List.
Unless... I just do it like this?
https://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/clearpass-mac-auth-matching-static-host-list/td-p/171882
But then, I need a separate service as it's 'MAC Auth' as a service that will trigger it.
Thoughts?