Occasional Contributor II

ClearPass Service setup 802.1x Wired on 2 domains without trust

I'm new to ClearPass and trying to set up Meraki 802.1x wired where 2 companies will share the switches. There is no trust between these domains. I need to identify the user by domain and send it to the correct AD server. I don't have the kit to test the policy on a switch.

I'm looking for some guidance. Can I add something like the rule below to the service to identify the user, below the default template Service Rules in the 802.1x Wired template?

Radius:IETF | User-Name | BEGINS_WITH | <your_domain_1>\

Then configure a service for each domain with an authentication source for each?

My concern is that ClearPass will only be joined to the one domain. Will the second authentication source be able to look up the AD information?

Guru Elite

Re: ClearPass Service setup 802.1x Wired on 2 domains without trust

I’m not sure what CCMP is.

As long as the user does not exist in both directories, you can simply add both domains to the auth source list in a single service. Based on the lookup, the correct domain will be used for user authentication (assuming you’re using a legacy method like PEAP).

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: ClearPass Service setup 802.1x Wired on 2 domains without trust

Thank you. I will test this as soon as we have the kit and update the post. I did read on one post that adding them to the same service causes timeouts before it tries the second auth source.

I read this post where it shows to add the user domain in the service.

https://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/What-is-the-best-way-to-authenticate-users-via-multiple-domains/ta-p/181644
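
An added example, not part of the thread and not ClearPass code: an offline check of which User-Name values a per-domain rule would catch, useful when no switch is available for testing. It goes beyond the single `DOMAIN\` prefix in the question by also covering UPN and `host/` machine identities, which a lone prefix rule does not match. The domain names and source labels are constructed, and comparing the prefix exactly as typed is an assumption.

```python
# Added illustration; domain names and source labels are constructed.
DOMAINS = {
    "auth-source-A": {"netbios": "CORPA", "dns": "corpa.example"},
    "auth-source-B": {"netbios": "CORPB", "dns": "corpb.example"},
}
RULE_PREFIX = "CORPA\\"  # stands in for <your_domain_1>\ from the post

def extract_realm(user_name):
    """Return (form, realm) for a RADIUS User-Name; realm is None if absent."""
    if user_name.lower().startswith("host/"):
        # Machine identity, e.g. host/pc01.corpa.example
        _, _, suffix = user_name[5:].partition(".")
        return "machine", suffix.lower() or None
    if "\\" in user_name:
        # Down-level form, e.g. CORPA\alice
        realm = user_name.partition("\\")[0]
        return "netbios", realm.upper() or None
    if "@" in user_name:
        # UPN form, e.g. alice@corpa.example
        realm = user_name.rpartition("@")[2]
        return "upn", realm.lower() or None
    return "bare", None

def select_source(user_name):
    """Pick the authentication source whose domain the identity names."""
    form, realm = extract_realm(user_name)
    if realm is None:
        return None
    for source, names in DOMAINS.items():
        if form == "netbios":
            if realm == names["netbios"]:
                return source
        elif realm == names["dns"] or realm.endswith("." + names["dns"]):
            return source
    return None  # no per-domain rule matches this identity

def prefix_rule_only(user_name, prefix=RULE_PREFIX):
    """The BEGINS_WITH rule from the post, compared exactly as typed here."""
    return user_name.startswith(prefix)

if __name__ == "__main__":
    samples = ["CORPA\\alice", "alice@corpa.example", "bob@corpb.example",
               "host/pc01.corpa.example", "carol"]  # constructed identities
    for name in samples:
        print(f"{name!r:28} prefix={prefix_rule_only(name)!s:5} "
              f"source={select_source(name)}")
```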
