Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass MAC bypass before 8021.x with IAP

  • 1.  Clearpass MAC bypass before 8021.x with IAP

    Posted Feb 17, 2019 01:07 PM

    Hello all

    Recently we deployed ClearPass as a RADIUS server. There are some IAPs for wireless. We deployed 802.1x authentication for the SSID. It works great. But my question is: is it possible to deploy MAC address bypass before 802.1x with the same SSID?

    For example, there is an Apple computer which is not in the domain. I want this device to pass authentication without 802.1x if the MAC address is in the Static Host List.


    Any help would be appreciated,

    Thank you




  • 2.  RE: Clearpass MAC bypass before 8021.x with IAP

    EMPLOYEE
    Posted Feb 17, 2019 01:47 PM
    You would use the MAC address as part of authorization to deny the request.


  • 3.  RE: Clearpass MAC bypass before 8021.x with IAP

    Posted Feb 17, 2019 02:58 PM
    Hello Mr Cappalli
    My point here is not to block by MAC address. I want some specific devices which are in the static host list to connect without a domain username and password.


  • 4.  RE: Clearpass MAC bypass before 8021.x with IAP
    Best Answer

    EMPLOYEE
    Posted Feb 17, 2019 04:13 PM
    No, this is not possible. You cannot mix encrypted and unencrypted on the same SSID by standard.


  • 5.  RE: Clearpass MAC bypass before 8021.x with IAP

    Posted Feb 18, 2019 05:43 AM

    Thank you for your response.

    If I am not mistaken, it is possible with a wired solution. For example, IP telephones can pass authentication with a MAC address, and a computer which is connected to the IP telephone can pass with 802.1x. I wondered if there is the same solution with wireless.

    But it is not possible, as you said, so we should use one SSID for 802.1x and one SSID for MAC-auth, right?



  • 6.  RE: Clearpass MAC bypass before 8021.x with IAP

    EMPLOYEE
    Posted Feb 18, 2019 09:20 AM
    Correct.