Security

 View Only
last person joined: 18 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Clearpass Auth. Source that allows every host just by certificate (without checking in Source)

Jump to Best Answer
This thread has been viewed 14 times
  • 1.  Clearpass Auth. Source that allows every host just by certificate (without checking in Source)

    Posted Jan 05, 2022 08:21 AM
    hey Guys

    I'm looking for a way to advise clearpass to just EAP-TLS an authentication source (checking the certificate regarding trusted root and CRL/OCSP) but does not lookup in any kind of directory.

    Is this possible?

    I tried with a static host list, but this seems not to work together with EAP-TLS.

    Thanks for your help in advance
    Sincerely Jonas

    ------------------------------
    Jonas Stalder
    ------------------------------


  • 2.  RE: Clearpass Auth. Source that allows every host just by certificate (without checking in Source)
    Best Answer

    MVP GURU
    Posted Jan 05, 2022 03:59 PM
    Hi,

    yes, you need to add new EAP-TLS Method without Authorization

    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCL: Powershell Module to use Aruba Central

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------



  • 3.  RE: Clearpass Auth. Source that allows every host just by certificate (without checking in Source)

    Posted Jan 06, 2022 02:57 AM
    Thank you Alexis, this has solved the issue!

    ------------------------------
    Jonas Stalder
    ------------------------------