Security

last person joined: 13 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

MAC authentication initial role

This thread has been viewed 8 times

  • 1.  MAC authentication initial role

    Posted Nov 24, 2016 06:21 PM

    Just troubleshooting an issue where I'm unable to connect to a network that uses ClearPass to do basic MAC auth against the endpoints repository.

     

    What should the 'initial role' be set to in the AAA policy? Should this allow DHCP etc so the client can associate properly?

    Currently the initial role is 'denyall', which doesn't seem right?

    Should it be possible to see user's that are in the denyall role with 'show user-table'?



  • 2.  RE: MAC authentication initial role

    EMPLOYEE
    Posted Nov 24, 2016 06:35 PM
    If using an external server, the initial role should be set for use with a deny.

    For example, in a guest workflow, this may be the guest registration role.


  • 3.  RE: MAC authentication initial role

    Posted Nov 24, 2016 07:45 PM

    Sure, but would you expect 'denyall' to be an appropriate initial role?