Security

Hi community.

 

I'm triyng to authenticate devices using Clearpass MAC Authentication, I have created a static host list containing each mac address and assigned it as Authentication source.

 

Here you can see some screenshots:

 

On the other side(7210 controller) I have configured an open SSID with mac authentication enabled. The thing is that I'm not sure which role select on the Access options:

 

I have tried with several roles but every device that connects to the ssid can connect without problem.

 

But the Access Tracker shows this:

I'm new on clearpass and mac auth so I ask you for help if I'm missing something else.

 

Thank you in advance!

What does the alerts tab show for the rejected request?

Also, why are you using static host lists instead of device registration?

Hi Tim,

 

This is what I got:

And the alerts:

 

Even with those alerts and Reject Actions the devices steel connects without problem.

Your better off using the Guest Device Repository as Tim mentioned. I just went through this same process. Guest Device Repository gives you much more to work with including names, descriptions, and any other custom field you can think of. Plus you can setup Guest Login with custom Admin Privileges to only add/manage/remove devices.

 

Your service would then look like:

Authenticaiton method: MAC AUTH

Authentication source: Guest Device Repository

Role Mapping - If Authentication Source = Guest Device Repository (or you can use a custom attribute to reference)  Assign your Role.

Enforcement - TIPS Role EQUALS Your Role = Enforcement Profile (same as now)