Security

 View Only
last person joined: 7 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Wireless 802.1x with MAC Auth on Clearpass

This thread has been viewed 31 times

  • 1.  Wireless 802.1x with MAC Auth on Clearpass

    Posted Feb 10, 2021 06:47 AM
    Hi,

    Customer currently is running an SSID with 802.1x, but they have a requirement to add MAC Authentication.
    Is there any documents on how to configure this?

    I read in several threads that we use the mac auth (static host list) as an authorization source. But I'm not sure how it works.
    Thank you.

    ------------------------------
    AA
    ------------------------------


  • 2.  RE: Wireless 802.1x with MAC Auth on Clearpass

    EMPLOYEE
    Posted Feb 10, 2021 07:33 AM

    Sure, that is the way I kow to do that, you will use only the dot1x service.

     

    You first authenticate the client based on dot1x credentials

    Into the same service you'll add the authorization feature, and add here the Endpoint repository

    You'll use at the enforcement level some condition match the static host in order to obtain the allow access

     

    Some pictures as an example here, hope it helps you

     

    Interfaz de usuario gráfica, Texto, Aplicación Descripción generada automáticamenteInterfaz de usuario gráfica, Aplicación Descripción generada automáticamenteInterfaz de usuario gráfica, Texto, Aplicación, Correo electrónico Descripción generada automáticamente

     

    --------------

    Jorge Calvi

    --------------

     

     




    Original Message


  • 3.  RE: Wireless 802.1x with MAC Auth on Clearpass

    Posted Feb 10, 2021 07:49 AM

    Hi,

    Thank you for your answer. I would like to ask, how about the role mapping from the 802.1x credentials? I currently use the enforcement policy to give the user role.

    Extra question:

    Do you need to enable the mac authentication on the WLAN in the controller?

    ------------------------------
    AA
    ------------------------------

    Original Message


  • 4.  RE: Wireless 802.1x with MAC Auth on Clearpass

    EMPLOYEE
    Posted Feb 10, 2021 09:27 AM

    Role mapping is an optional, the role mapping idea is to simplify your enforcement policy, is a step below, trying to grouping conditions, get tags (roles) you'll then use then in enforcement, role mapping is never a must but is useful for simplify complex policies

     

    Regards

     

    --------------

    Jorge Calvi

    --------------

     

     




    Original Message


  • 5.  RE: Wireless 802.1x with MAC Auth on Clearpass

    MVP EXPERT
    Posted Feb 11, 2021 07:42 PM
    There is no need to use a MAC address as part of a secure authentication. What are you specifically trying to accomplish?

    ------------------------------
    Tim C
    ------------------------------

    Original Message