Wireless Access


Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.

Mac address authentication in ClearPass

  • 1.  Mac address authentication in ClearPass

    Posted 11 days ago
    Is there any limit as to how many MAC addresses I can add to the ClearPass static host lists?
    Currently I have 46 MAC addresses added to the static host lists and I have more new devices to be added.


  • 2.  RE: Mac address authentication in ClearPass

    EMPLOYEE
    Posted 11 days ago
    I'm not aware of a limit in the number of devices in the static host list. Just be aware that the use of static host lists is not really recommended because these are not really flexible and the management is cumbersome. You could probably achieve the same with endpoint attributes in the endpoint database.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Mac address authentication in ClearPass

    Posted 11 days ago
    What is the endpoint database?


  • 4.  RE: Mac address authentication in ClearPass

    EMPLOYEE
    Posted 11 days ago
    The Endpoints Database is where all of the MAC addresses seen by ClearPass are stored.


    ------------------------------
    Herman Robers
    ------------------------------



  • 5.  RE: Mac address authentication in ClearPass

    Posted 10 days ago
    Do I need to make any changes in order for endpoint attributes to work?


  • 6.  RE: Mac address authentication in ClearPass

    EMPLOYEE
    Posted 10 days ago
    As mentioned earlier, the endpoint DB will have all the MAC addresses and profiling information for any device that does MAC auth. You can also add manual attributes to it or use enforcement profiles to update an attribute based on your policy.
    To make use of any endpoint attributes, you need to check for them in role mapping or in your enforcement policy.
    https://www.arubanetworks.com/techdocs/ClearPass/6.11/PolicyManager/Content/CPPM_UserGuide/Admin/EndpointsHelp.html

    Now for MAC auth, when you configure the service, by default the endpoint DB is used as the auth source. It will look for the endpoint attribute "status"; if it is known, it will pass the MAC auth. If status=unknown, then you can use that and redirect to a captive portal (as an example).

    You don't need to reorder anything in the endpoint DB, but if you want to use it for the MAC auth service, then you need to add it as an auth source. Then you can make use of any of its attributes in your enforcement policy and role mapping logic.

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
    ------------------------------



  • 7.  RE: Mac address authentication in ClearPass

    MVP EXPERT
    Posted 10 days ago
    Well, after adding your attribute you'll need to check it exists and has an appropriate value as part of your auth process.
    A
