Security

Reply
Highlighted
New Contributor

ClearPass - 802x wired auth for OSX - More checks

Hi,

 

We are testing wired auth for the latest OSX laptops. Our Clearpass Service checks for username and password, but we would like to add a second check to it. For our wireless, we check for user name and password + if the laptop endpoint is in JAMF's database. Is there something similar that we can do on wire auth, or can you give me another solution to verify that this device is a corporate-owned device.?

 

Highlighted
Guru Elite

Re: ClearPass - 802x wired auth for OSX - More checks

Do 802.1x with EAP-TLS certificates only.  If the device passes and the method is EAP-TLS, it is a corporate device.  You still have to option to allow EAP-PEAP/MsChapV2 but give it a different level of access or NONE.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Moderator

Re: ClearPass - 802x wired auth for OSX - More checks

So regardless if they are wired or wireless, we need some context to reference for an authorization;

 

Are these wired devices also in JAMF

Are they enrolled in some asset/CMDB

Are they running some endpoint security, Crowdstrike/Cylance/McAfee etc.

Do they have a Corporate device cert installed

 

Any of these and there are other could be used to validate if the device is a corporate mac.

 


Best Regards
-d

ClearPass Product Manager

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: