- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
mac authentication filter
mac authentication filter
02-07-2013 02:00 PM
We have mac authentication enable for all users with x number of expiring hours. There are groups of computers(fix workstations) share with customers. I would like assign different mac authentication time out or no mac caching for these workstations. I can't differential this by user account because anyone can sign in with these workstations. The only thing is the mac address from each workstations. My though is build a list of mac addresses within Clearpass if anyone sign in with this mac address, assign different mac cach time out or no mac cache at all. I am running Clearpass version 3.9 at the momemt.
Let me know if you have the same situation and ideas for solution. Thx!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: mac authentication filter
Re: mac authentication filter
02-07-2013 04:22 PM
Hello
What kind of enviroment you got? because aruba recoments agains the use of Mac authentication as its really weak, and its easy to crack.
It is not possible to deploy 802.1x?
Or can you explain us why you using mac authentication in your enviroment maybe there is a better way to do this besides using mac authentication.
Cheers
Carlos
Product Manager - Aruba Networks
Alternetworks Corp
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: mac authentication filter
Re: mac authentication filter
02-08-2013 06:56 AM
i understand mac is easy to crack. This wlan is only use by the customer. It configure to authenticated over the captive portal (via ClearPass of course). Mac authentication is enable after first initial login. It just a convinient for customers to log back in without typing the credentail again.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: mac authentication filter
Re: mac authentication filter
02-08-2013 07:22 AM
skywalker wrote:
i understand mac is easy to crack. This wlan is only use by the customer. It configure to authenticated over the captive portal (via ClearPass of course). Mac authentication is enable after first initial login. It just a convinient for customers to log back in without typing the credentail again.
I would create a second SSID for those computers and only broadcast that SSID in that area where the fixed computers are.
You would create a different Weblogin in ClearPass that does not have Mac Caching and in the initial role for those users, forward them via the Captive Portal authentication profile to the URL of that new Weblogin.
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: mac authentication filter
Re: mac authentication filter
02-11-2013 02:11 PM
Thanks Colin!
As much as i want to avoid creating a new SSID for this. Thing will just get messier this way. I kinda have an idea. The captive portal from controler itself has a link for to click and logout. Is there a link like that from ClearPass? i can just create a short-cut/URL on the desktop for user to click and logout.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: mac authentication filter
Re: mac authentication filter
02-11-2013 02:45 PM
Regards
John Solberg
-ACMX #316 :: ACCX #902 :: ACSA
Aruba Partner Ambassador
Intelecom/NetNordic - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator