last person joined: 8 minutes ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

ClearPass with JAMF and wired adapters

This thread has been viewed 6 times
  • 1.  ClearPass with JAMF and wired adapters

    Posted Sep 09, 2019 06:57 PM

    I am working on a wired authentication configuration with ClearPass and integrating with JAMF for MACbooks device attributes.  The challenge we have is that the MACbooks use adapters to connect to the wired switch port and each one has a separate MAC address, and is a separate device in the CPPM endpoint database.  


    It appears that JAMF is not aware of the adapters therefore the attributes we are trying to get are not attached to the MAC address of the adapter.  


    Im looking to see if anyone has any suggestions how to handle these devices when we are trying to verify the device is managed by JAMF?



  • 2.  RE: ClearPass with JAMF and wired adapters

    Posted Sep 10, 2019 10:11 AM

    The only real option here is to use EAP-TLS and ensure that an identifier available via the jamf integration is available in the certificate that can be used as the lookup value.

  • 3.  RE: ClearPass with JAMF and wired adapters

    Posted Jan 27, 2020 06:40 PM

    Hi Tim, 


    This project was started back in September last year and ended up getting put on hold for a bit.  We are getting back to it and wondering about machine authentication on the MAC laptops.  


    In other threads on other forums, it seems that machine authentication is not native to the MACs.  Im wondering if anyone has found a viable solution that will allow the MACs to complete machine and user authentication on the wired network with ClearPass?



  • 4.  RE: ClearPass with JAMF and wired adapters

    Posted Sep 23, 2021 04:49 PM

    I was wondering if you ever found a solutions - I have struggling with this same issue... Want to have MACbook authentication from JAMF and then log in wired network with ad credentials to get to private network.

    Larry Simanek