Security

last person joined: 5 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Create Enforcement Policy/Role Mapping for Non Domain Computers using MAB

Jump to Best Answer
  • 1.  Create Enforcement Policy/Role Mapping for Non Domain Computers using MAB

    Posted May 10, 2016 11:10 AM

    Greetings.  Looking for help with creating Enforcement Policy/Role Mapping for computers that are not a member of the AD domain.  The authentication method is mab. Policy should be either move to a vlan or shut down the port.



  • 2.  RE: Create Enforcement Policy/Role Mapping for Non Domain Computers using MAB

    Posted May 10, 2016 11:19 AM
    If you're doing MAB, how are you detecting domain membership? 

    802.1X should be used. 


  • 3.  RE: Create Enforcement Policy/Role Mapping for Non Domain Computers using MAB

    Posted May 10, 2016 11:26 AM

    Is there a way to do this with only using mab?



  • 4.  RE: Create Enforcement Policy/Role Mapping for Non Domain Computers using MAB

    Posted May 10, 2016 11:36 AM
    You would have to maintain MAC address lists which can be time intensive and is not very secure. 


  • 5.  RE: Create Enforcement Policy/Role Mapping for Non Domain Computers using MAB

    Posted May 10, 2016 11:39 AM

    Ok, how can this be done? 



  • 6.  RE: Create Enforcement Policy/Role Mapping for Non Domain Computers using MAB
    Best Answer

    Posted May 10, 2016 11:45 AM
    The best way would be to add the devices to the guest device repository with a custom role and then reference that role in your MAC-auth service. 

    802.1X is highly recommended instead.


  • 7.  RE: Create Enforcement Policy/Role Mapping for Non Domain Computers using MAB

    Posted May 10, 2016 12:04 PM

    Thanks! Will give it a try.