Security

Reply
jua
Occasional Contributor I

"Multi-tenant" Clearpass Guest

We're setting up 802.1x for few different customers and would I like allow the more advanced users to add devices for MAC authentication (IoTish stuff, some infoTVs etc that don't support anything else). I'm thinking of having a portal where user logs in and based on AD domain/rights he gets a drop down list of available VLANs he can add devices to. And user from different company would see different list.

 

Then in the service I would somehow map only relevant MAC address entries to the service.

 

Can I do this kind of stuff with Clearpass Guest or should I just create my own web site that adds stuff to SQL database and then create separate SQL authentication sources for different companies?

 

Thanks for any ideas!

Guru Elite

Re: "Multi-tenant" Clearpass Guest

Yes, you can just add a custom attribute based on the operator profile and then use it in policy.

Please just keep in mind that ClearPass is not designed to be a multi-tenant product.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
jua
Occasional Contributor I

Re: "Multi-tenant" Clearpass Guest

I can use the Guest feature for stuff too that's not "Guest traffic"? Wondering if I could for example do a portal for our help desk where they could add LTE SIM cards that are accepted to our own APN with Clearpass Guest

 

I put the multi-tenant in quotes as I read and noticed that Clearpass isn't really designed for multi-tenant use :)

Guru Elite

Re: "Multi-tenant" Clearpass Guest

What would SIM cards have to do with ClearPass?

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
jua
Occasional Contributor I

Re: "Multi-tenant" Clearpass Guest

When an user tries to connect to our private APN, mobile operator sends RADIUS request to our Clearpass to check if that SIM card (/user) is allowed on to the APN. So the DB would contain SIM card / phone numbers and IP address information for the client. When a new user gets a SIM card, I'd like to have a simple portal for our help desk so they could add that somewhere where Clearpass can read it.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: