Block MAC address regardless of service?
05-08-2017 11:57 AM - last edited on 05-09-2017 05:17 AM by cappalli
We have less than 10 PCI devices we need to block from Wireless. I want to create a rule in Clearpass that will not provide them access to Wi-Fi. Do i have to create an enforcment profile Rule for the 802.1x and the mac auth service? or there is an area in clearpass that will allow me to block the mac address regardless of the service?
05-08-2017 02:26 PM
I spoke with TAC, the best way to blacklist mac addresses from the wireless is to create a new service that reference a static host list. The enforcement profile will push a deny profile when the request is coming from the static host list regardless of the SSID.
05-09-2017 05:14 AM
05-09-2017 02:36 PM
I have not seen the devices yet, but the company explained me the handhelds are owned by the company and do not have a screen for users to change the settings. There must be a way to console to it and spoof the mac address, however I am assuming the device is password protected too.