Frequent Contributor I

MAC authentication initial role

Just troubleshooting an issue where I'm unable to connect to a network that uses ClearPass to do basic MAC auth against the endpoints repository.


What should the 'initial role' be set to in the AAA policy? Should this allow DHCP etc so the client can associate properly?

Currently the initial role is 'denyall', which doesn't seem right?

Should it be possible to see user's that are in the denyall role with 'show user-table'?

Guru Elite

Re: MAC authentication initial role

If using an external server, the initial role should be set for use with a deny.

For example, in a guest workflow, this may be the guest registration role.

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Frequent Contributor I

Re: MAC authentication initial role

Sure, but would you expect 'denyall' to be an appropriate initial role?

Search Airheads
Showing results for 
Search instead for 
Did you mean: