Security

 View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass Auth. Source that allows every host just by certificate (without checking in Source)

This thread has been viewed 15 times

  • 1.  Clearpass Auth. Source that allows every host just by certificate (without checking in Source)

    Posted Jan 05, 2022 08:21 AM
    hey Guys

    I'm looking for a way to advise clearpass to just EAP-TLS an authentication source (checking the certificate regarding trusted root and CRL/OCSP) but does not lookup in any kind of directory.

    Is this possible?

    I tried with a static host list, but this seems not to work together with EAP-TLS.

    Thanks for your help in advance
    Sincerely Jonas

    ------------------------------
    Jonas Stalder
    ------------------------------


  • 2.  RE: Clearpass Auth. Source that allows every host just by certificate (without checking in Source)
    Best Answer

    MVP GURU
    Posted Jan 05, 2022 03:59 PM
    Hi,

    yes, you need to add new EAP-TLS Method without Authorization

    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCL: Powershell Module to use Aruba Central

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------

    Original Message


  • 3.  RE: Clearpass Auth. Source that allows every host just by certificate (without checking in Source)

    Posted Jan 06, 2022 02:57 AM
    Thank you Alexis, this has solved the issue!

    ------------------------------
    Jonas Stalder
    ------------------------------

    Original Message