Security

Reply
Frequent Contributor I

Clearpass 802.1X outer identity

Hi!

 

I´m wondering if there is a way to map RADIUS requests to a service looking at the suffix of the outer identity  of a user.

 

I´ve set up a lab where I use my inner identiy (EAP-PEAP or EAP-TTLS both are in the lab currently) myusername@companydomain.com . And I use a outer identity such as anonymous@example.com. 

 

What I want to achieve is mapping the request to the correct service depending on what outer identity suffix I use (or outer certificate). 

Is there a service rule I can use for this ? 

I´ve checked the access tracker and all I see there is my inner user-name. The outer never showes up.

 

Thanks!


ACMP | ACCP
Guru Elite

Re: Clearpass 802.1X outer identity

Authentication:Full-Username ENDS_WITH

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Frequent Contributor I

Re: Clearpass 802.1X outer identity

 

Hey that seems to be working!

 

I saw Authentication:Full-Username in access tracker but assumed that since it only shows my inner username I wouldn´t be able to use this property. But I guess its more a matter of what access tracker show you after the request has been proccessed. 

 

Thanks a bunch, been working on this for quite som time!


ACMP | ACCP
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: