last person joined: 37 minutes ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

MAC Address authentication

Jump to Best Answer
  • 1.  MAC Address authentication

    Posted Dec 21, 2011 07:40 AM

    Hi experts.


    I have two SSIDs to old devises that authentic by MAC Address. Theses old devices can authenticate in both SSIDs, but I would like to set different roles for each SSID.


    My issue is:

    The user authentication is done by MAC address that uses the internal database. When I create a user (MAC Address) in the internal database, is assigned a default role for this user, as guest.


    So, this user uses the guest role for both SSIDs.  Is there way to configure a default role for a VAP as is done in others authenticate modes?


    Thank you

  • 2.  RE: MAC Address authentication
    Best Answer

    Posted Dec 21, 2011 08:26 AM

    In the mac address authentication profile, you can specify a format.  Part of the format is Delimiter, or none, colon or dash.  For one SSID make the mac authentication profile have no delimeter, so that the mac addreses will have to format AABBCCDDEEFF.  The other SSID will have  a mac authentication profile that has a delimeter of Colon, so you will enter those mac addresses of AA:BB:CC:DD:EE:FF.


    The end result is tht devices will authenticate with a different format, depending on the SSID that they connect to, and you have to enter them into the internal database differently, as a result.

  • 3.  RE: MAC Address authentication

    Posted Dec 21, 2011 08:48 AM

    Thank you very much! Cjoseph.

  • 4.  RE: MAC Address authentication

    Posted Dec 21, 2011 08:49 AM

    An engineer from Texas told me this idea about two months ago.  I cannot take credit for it.