02-05-2015 04:48 PM
Guys, I have set up ClearPass for wireless networks. I have captured hundreds of MAC addresses from random devices connecting to the SSIDs, most of which I will never delegate network access to.
Now I want to apply MAC auth to the wired network. I'm guessing the best way to do this is to set up IP helper addresses on the switch to point to ClearPass; however, I don’t want all those wired MAC addresses to live amongst the wireless MAC addresses. All the wired addresses will be granted access to the network, and if they are mixed in with the hundreds of non-approved MACs it would seem to be unmanageable. Can I set up a different MAC database for the wired MACs? Is there a better way for me to do this?
02-05-2015 04:49 PM
No. It's a single database. You can however create custom attributes in the database and then write policies that check for those attributes.
02-05-2015 05:01 PM
02-05-2015 05:13 PM
Don't really want to manually approve devices if there is a better way to do this. The wired side has printers, IP cameras, etc. Not quite sure how this will play out, but MAC auth seems like a good choice. I'm open to suggestions.
02-05-2015 05:16 PM
You can use the device profile (printer, computer, media player, etc.) to let devices on, but that means any device that profiles that way would be let on.
You can use MACTrac registration.
You could use 802.1X authentication for modern devices and use MAC-authentication (via MACTrac) for “dumb” devices like printers.
02-06-2015 06:53 AM