All,
I have a customer that is looking to blacklist MAC addresses by entering them into the Clearpass server. They have configured the following:
1. Created an Blacklist authentication source that's a static host list.
2. Created a MAC Authentication Service for Blacklisting
i. This service has a NAS-Port-Type of BELONGS_TO Wireless-802.11 (19)
ii. This service has a Service-Type of BELONGS_TO Login-User (1), Call-Check (10)
iii. This service has an Authentication Source EQUALS to Blacklist
3. The Blacklisting Service is enabled.
4. The Role Mapping is setup to send an Aruba VSA for a defined rule on the controller via an enforcement profile
5. The Blacklist Static Host List
This is basically a copy of the default MAC Authentication profile with a new authentication source.
Has anyone tried to set up something similar within CPPM? Any luck or tips to pull it off?
I'll be able to post Access Tracker output information about this service either tomorrow or the next day.
Thanks!
-Mike