Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

"Multi-tenant" Clearpass Guest

  • 1.  "Multi-tenant" Clearpass Guest

    Posted Aug 09, 2018 02:23 PM

    We're setting up 802.1x for a few different customers and I would like to allow the more advanced users to add devices for MAC authentication (IoTish stuff, some infoTVs etc. that don't support anything else). I'm thinking of having a portal where the user logs in and, based on AD domain/rights, gets a drop-down list of available VLANs he can add devices to. And a user from a different company would see a different list.

    Then in the service I would somehow map only relevant MAC address entries to the service.

    Can I do this kind of stuff with Clearpass Guest or should I just create my own web site that adds stuff to an SQL database and then create separate SQL authentication sources for different companies?

    Thanks for any ideas!



  • 2.  RE: "Multi-tenant" Clearpass Guest

    EMPLOYEE
    Posted Aug 09, 2018 02:26 PM
    Yes, you can just add a custom attribute based on the operator profile and then use it in policy.

    Please just keep in mind that ClearPass is not designed to be a multi-tenant product.


  • 3.  RE: "Multi-tenant" Clearpass Guest

    Posted Aug 09, 2018 03:23 PM

    Can I use the Guest feature too for stuff that's not "Guest traffic"? I'm wondering if I could, for example, do a portal for our help desk where they could add LTE SIM cards that are accepted to our own APN with Clearpass Guest.

    I put the multi-tenant in quotes as I read and noticed that Clearpass isn't really designed for multi-tenant use :)



  • 4.  RE: "Multi-tenant" Clearpass Guest

    EMPLOYEE
    Posted Aug 09, 2018 03:35 PM
    What would SIM cards have to do with ClearPass?


  • 5.  RE: "Multi-tenant" Clearpass Guest

    Posted Aug 09, 2018 03:48 PM

    When a user tries to connect to our private APN, the mobile operator sends a RADIUS request to our Clearpass to check if that SIM card (/user) is allowed on to the APN. So the DB would contain SIM card / phone numbers and IP address information for the client. When a new user gets a SIM card, I'd like to have a simple portal for our help desk so they could add that somewhere where Clearpass can read it.
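
An added example, not part of any post in this thread and not ClearPass code: a sketch of the "own web site plus SQL database" option from the first post, showing the tenant checks that have to run server-side when one database holds MAC entries for several customers. The table names, function names and tenant names are hypothetical, SQLite stands in for the real SQL server, and the operator's tenant is assumed to come from the authenticated AD login.

```python
import re
import sqlite3

SCHEMA = """
CREATE TABLE tenant_vlans (tenant TEXT, vlan INTEGER, PRIMARY KEY (tenant, vlan));
CREATE TABLE devices (mac TEXT PRIMARY KEY, tenant TEXT NOT NULL, vlan INTEGER NOT NULL);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Constructed sample data: two customers with disjoint VLAN lists.
    db.executemany("INSERT INTO tenant_vlans VALUES (?, ?)",
                   [("acme.example", 110), ("acme.example", 120), ("globex.example", 210)])
    db.commit()
    return db

def normalize_mac(raw):
    """Accept aa:bb.., AA-BB.., aabb.ccdd.eeff; return 12 lowercase hex digits."""
    mac = re.sub(r"[:\-.]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", mac):
        raise ValueError(f"not a MAC address: {raw!r}")
    return mac

def allowed_vlans(db, tenant):
    """VLANs to show in the operator's drop-down list."""
    rows = db.execute("SELECT vlan FROM tenant_vlans WHERE tenant = ? ORDER BY vlan", (tenant,))
    return [r[0] for r in rows]

def register_device(db, operator_tenant, raw_mac, vlan):
    """operator_tenant must come from the authenticated session, never from the form."""
    if vlan not in allowed_vlans(db, operator_tenant):
        # The drop-down is only a UI hint; a crafted POST can carry any VLAN.
        raise PermissionError(f"VLAN {vlan} is not assigned to {operator_tenant}")
    mac = normalize_mac(raw_mac)
    try:
        with db:  # commit on success, roll back on error
            db.execute("INSERT INTO devices VALUES (?, ?, ?)", (mac, operator_tenant, vlan))
    except sqlite3.IntegrityError:
        # MAC is globally unique, so one tenant cannot claim or overwrite another's entry.
        raise PermissionError(f"{mac} is already registered") from None
    return mac

def lookup_vlan(db, service_tenant, raw_mac):
    """What a per-customer authentication source would return: this tenant's rows only."""
    row = db.execute("SELECT vlan FROM devices WHERE mac = ? AND tenant = ?",
                     (normalize_mac(raw_mac), service_tenant)).fetchone()
    return row[0] if row else None
```

The same tenant filter applies to the help-desk SIM portal idea: the lookup a RADIUS service performs should be scoped to the rows its own operators were allowed to create.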