Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

MAC authentication

This thread has been viewed 1 times

  • 1.  MAC authentication

    Posted Jan 08, 2015 09:09 AM

    I need a clarification for MAC authentication:  Is it possible for CPPM to know a device's OS when using MAC authentication?  There is no profiliing since there is no user authentication.  The controllers ID's the devices properly but I can't get CPPM to use that information for role assignments.

     

    I'm working with TAC but I'm not sure I've explained it correctly to them.  I keep seeing ChromeOS in traces but they say they don't see it in the traces.  CPPM does not indicate in the 'input' tab anything to indicate the OS of the device when using MAC authentication.



  • 2.  RE: MAC authentication

    Posted Jan 08, 2015 09:27 AM

    What you need to do is enabled to profile Endpoints:

     

    2015-01-08 09_23_32-ClearPass Policy Manager - Aruba Networks.png

     

    Then at end of your profile add that if is not profiled to dumb it in "PROFILING VLAN or ROLE"

    2015-01-08 09_22_54-ClearPass Policy Manager - Aruba Networks.png

    And then it will get CoA by the Profiler

    2015-01-08 09_23_15-ClearPass Policy Manager - Aruba Networks.png

     

    Make sure you enabled CoA on the controller

    2015-01-08 09_26_36-Authentication Profiles.png

     



  • 3.  RE: MAC authentication

    EMPLOYEE
    Posted Jan 08, 2015 09:34 AM

    You can set up a role map that uses the controller's profile. This can be beneficial if you don't want to wait for the device to profile and force them to reauth again.

     

    chomeos-rolemap.PNG