Frequent Contributor II

Clearpass 802.1X outer identity



I´m wondering if there is a way to map RADIUS requests to a service looking at the suffix of the outer identity  of a user.


I´ve set up a lab where I use my inner identiy (EAP-PEAP or EAP-TTLS both are in the lab currently) . And I use a outer identity such as 


What I want to achieve is mapping the request to the correct service depending on what outer identity suffix I use (or outer certificate). 

Is there a service rule I can use for this ? 

I´ve checked the access tracker and all I see there is my inner user-name. The outer never showes up.



Guru Elite

Re: Clearpass 802.1X outer identity

Authentication:Full-Username ENDS_WITH

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Frequent Contributor II

Re: Clearpass 802.1X outer identity


Hey that seems to be working!


I saw Authentication:Full-Username in access tracker but assumed that since it only shows my inner username I wouldn´t be able to use this property. But I guess its more a matter of what access tracker show you after the request has been proccessed. 


Thanks a bunch, been working on this for quite som time!

Search Airheads
Showing results for 
Search instead for 
Did you mean: