Security

Reply
Contributor I

how to use Static host list in Clearpass as Authentication server ?

How to uset Static Host list as Authentication server and if it is no possible ,how to use Clearpass as Authentication server for specific service?

Guru Elite

Re: how to use Static host list in Clearpass as Authentication server ?

It can be used as an authentication source for a MAC-auth service or an
authorization source for an 802.1X service.


What exactly are you trying to do?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I

Re: how to use Static host list in Clearpass as Authentication server ?

Use it in MAC service but I cant foind it in list where I add authentication source

Guru Elite

Re: how to use Static host list in Clearpass as Authentication server ?

Add a new authentication source of type Static Host List.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: how to use Static host list in Clearpass as Authentication server ?

Tim,

 

Can I build an Enforcement Policy rule logic (where I just enforce the [Allow Access Profile] as an action) on an 802.1x service, where I want,

Condition 1: User exists in AD (that part is basic enough)

Condition 2: Endpoint identifier sits in Static-Host-List (which i've already setup as an Authentication Source.. but with the host-list defined as an 'Authentication Source'.. I can't go into 'General' tab and tick the checkbox for 'Use for Authorization'... it is greyed out.. implying it's not eligible to be used as an Authorization Source... any reason why ?)

 

With the lack of the Authentication Source of the Static-Host-List setup for Authorization also ... it means when I'm building my enforcement policy I can't auto-resolve the Static-Host-List as an 'Authorization Source'.. only the Microsoft AD one is showing..

 

Untitled.png

 

So.. I just want a logic AND, where user is in AD as well as endpoint identifier they are passing is in Static-Host-List.

Unless... I just do it like this ?

https://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/clearpass-mac-auth-matching-static-host-list/td-p/171882.

But then, I need a separate service as it's 'MAC Auth' as a service that will trigger it.

 

Thoughts ?

Guru Elite

Re: how to use Static host list in Clearpass as Authentication server ?

Just use Connection:Client-Mac-Address BELONGS_TO_GROUP

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Moderator

Re: how to use Static host list in Clearpass as Authentication server ?

To use it as an authN source..... after you've created the static list.... go create a new auth-source type=static host list and on the second tab select your newly created static-host-list....

 

HTH

 

ClearPass_Policy_Manager_-_Aruba_Networks.jpg

 

 

ClearPass_Policy_Manager_-_Aruba_Networks1.jpg


Best Regards
-d

ClearPass Product Manager

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: