Security

Reply
Occasional Contributor I

Re: 802.1x - Identity MAC caching

Please, forgive me if I insist - I have possibilities and I think you can help me understand. would such a scenario be possible?

 

1.service_MAC_Authentication (allow unknows) Endpoint Phone Number EQUAL Radius: IETF: Calling-Station-Id Enforcement Allow Access

 

2.service_802.1x_Autentication (LDAP users) user_name / pass <---> Active Directory Enforcement Allow Access post-functionss Connection Client-Mac-address == (update_Endpoint) ==> Endpoint Phone Number

 

Questions

 

* I do not know if a Wi-Fi client (802.1x) can first go through a MAC authentication service. And the bad ones. Could this be the first service?

 

1. service_802.1x_Autentication Endpoint Phone Number EQUAL Radius: IETF: Calling-Station-Id Enforcement Allow Access

 

* That same client - could move to the second service if it does not find the MAC?

 

* In the second service - Is it possible to update a record with a value? or add a new field in Endpoints "client-mac" for use in the first service?

 

Thank you very much for your help understanding the operation of the clearpass

Guru Elite

Re: 802.1x - Identity MAC caching

No, as I've mentioned, this is not possible.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor I

Re: 802.1x - Identity MAC caching

thank you very much for your help

;)

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: