Wireless Access


Wildcard for username in local mac auth

I have a customer that I am deploying Aruba switches in tunneled-node to the controllers and Clearpass for user/machine auth. They also have Cisco phones. I have CP doing MAC auth for the phones by the first 6 of the MAC and dot1x for the user. However, the customer doesn't care to see the phone MAC request in access tracker. The phone VLAN is locked down. So I thought I would do an AAA profile on the controller for the wired side with a server group that had the internal database (for MAC auth of the phones) then fail through to the CP servers. I have this set up but haven't been back on site to test. If this works then this will solve the problem with the phones MAC authing to access tracker. But that means we will have to add all MAC addresses to the internal database of the controller. Is there a way to do MAC auth wildcard-based access in the internal database so we don't have to add MAC addresses to the internal DB?

ACMX #252, ACDX #824, ACCP, ACSA, AWMP, CCNP Wireless & Security
Aruba

Re: Wildcard for username in local mac auth

Josh,

You can use a user-derivation rule to wildcard the phone MAC addresses instead of using the internal user database; however, since the AAA-Profile has to also accommodate legitimate user/machine auth, you will still see the MAC Auth from the phone as it will hit the same policy. Perhaps I'm confused on the setup.


Best regards,

 

Madani
