Occasional Contributor I

MAC authentication in clearpass

I am trying to configure clearpass, for mac authentication for guest access, but have having trouble triggering the "guest mac authentication service.


I used the "guest mac authentication"  template to create the service "mac authentication" and "guest access with mac caching"


The "guest access with mac caching service is matched in the access tracker, authenticates me against the "guest user repository"  updates the endpoint to known etc, and sends the correct role to the controller in order to allow me to access the guest services/internet etc.


I have followed various implementation guides and other posts on here but I cannot get the "mac authentication service to trigger"


Not even to deny a host that has never connected. 


The mac authentication is set as shown below:


Service tab


type mac authentication

Service rule: match all


type: connection                 name: client-mac-address      operator: EQUALS               Value: %{radius:IETF:User-name}

type: RadiusAruba             name:Aruba-Essid-Name       operator: EQUALS               Value:  Lab_GUEST





Methods = [MAC AUTH]

Authentication sources [Endpoints repository] [local SQL DB]



Authorisation source [insight repository] [local SQL Db]


I have seen in other posts that not having "Insight enabled" can cause problems but this is enabled, Checks after I have authenticated show that my device is changed to a known device etc, but I still don't get hits on the access tracker for my "mac auth service"


Any ideas or suggestions would be greatly appreciated.



Guru Elite

Re: MAC authentication in clearpass

Do you have MAC authentication enabled for the SSID in your controller?

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor I

Re: MAC authentication in clearpass

Hi Cappalli


First, thanks for the quick reply,


Good call, I had set up a mac authentication aaa profile to clearpass etc, but selected the wrong one under the ssid.


Now that this has been corrected i am seeing the correct authentication attempts hit clearpass


Thanks again

Search Airheads
Showing results for 
Search instead for 
Did you mean: