Security

last person joined: 10 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass Open Guest

This thread has been viewed 4 times

  • 1.  ClearPass Open Guest

    Posted Oct 29, 2014 11:21 AM

    I have two areas to provide guest access:

     

    In one area, guest is total lock down, only register devices allow guest access.  This is simple, I use [Mac Auth] as authentication methods and authentication sources are Endpoints Repository, and static host list where I can control the allowing hosts

     

    In the other area, guest is open.  In this case I use condition [Radius:Aruba:Aruba-AP-Group  EQUALS  STADIUM] where STADIUM is the ap-group to allow open guest.

    I use default “Deny Access Role”, so any host does not meet the two conditions above will get deny

     

    It all works well except one thing: in Access Tracker only guest allows in Endpoints Repository appears with ACCEPT status.  Guest in ap-group STADIUM is working but shows REJECT status, and of course deny guest also shows REJECT.  The REJECT guest in STADIUM confuses Help Desk support.

     

    Question: host in STADIUM gets REJECT because no matching Authentication Methods.  Does CPPM have Authentication Methods work with [Radius: Aruba: Aruba-AP-Group]?

    My CPPM is 6.4.1

    Capture.JPG

     

    Best Regards,



  • 2.  RE: ClearPass Open Guest
    Best Answer

    EMPLOYEE
    Posted Oct 29, 2014 11:24 AM
    Use the Allow All MAC-Auth method


  • 3.  RE: ClearPass Open Guest

    Posted Oct 29, 2014 12:19 PM

     

    Wow, that's simple.  Thank you Tim!!!