Log in to ask questions, share your expertise, or stay connected to content. Don’t have a login? Join now.
Using Clearpass and IAPs, I have one SSID that needs to be able to do machine & user auth, plus mac and user auth via static hosts. Machine and user auth for domain machines and Mac and user auth for non-domain devices i.e. ipads etc. I was able to get the machine and user auth to work. Im having trouble getting the mac auth. I was referencing http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/CPPM-MAC-Authentication-configuration-against-static-host-list/ta-p/180662 which doesn’t get me there. Do I need to setup a different service for the Mac and user Auth or can I add the Mac auth to the Machine and user auth service without hosing it? How to do this?
Advice and articles welcome. Thxs
Its a small mac list. Do you have instructional documents on how to do any of this stuff ?
Here is the basic setup, but what authentication type/method are you using? EAP-TLS? EAP-PEAP?
- Add the Endpoints Repository as an authorization source in your service.
- Add a new rule to your enforcement policy like below:
- Set endpoints to "Known" in the endpoint database.
Tim, I will give this a try tomorrow. How does Clearpass determine is a device is known vs unkown?
All devices are Unknown unless:
- You manually manually mark them as Known,
- You use an enforcement action to them to Known based on other values,
- You import a list of MAC address with the Known flag
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.