Security

last person joined: 22 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

User mac auth with respective AP name

This thread has been viewed 0 times

  • 1.  User mac auth with respective AP name

    Posted Sep 25, 2014 02:42 PM

    Hi,

     

    I have setup of Aruba 7210 controller, CPPM (As a radius), Windows AD 2008 & AP 225

     

    I want to do user mac. authentication with respectiv AP name. AP is in bridge mode.

    I.e. If Branch office1 user trying to authenticate then he should get access.

    If Branch office1 user went to other branch and trying to get wireless access then him should not get access.

     

    Thanks...

     


    #AP225
    #7210


  • 2.  RE: User mac auth with respective AP name

    EMPLOYEE
    Posted Sep 25, 2014 02:43 PM

    Where is the authorization data stored?



  • 3.  RE: User mac auth with respective AP name

    Posted Sep 25, 2014 03:03 PM

    For user authentication require user credential + mac. ID

    User account is in Windows AD & mac. will be on CPPM.

    I believe i will hv to create static host entry with respective AP user & enforcement profile.

    But not exactly clicked..



  • 4.  RE: User mac auth with respective AP name

    EMPLOYEE
    Posted Sep 25, 2014 03:28 PM

    So you're going to manually maintain the MAC addresses in ClearPass?



  • 5.  RE: User mac auth with respective AP name

    Posted Sep 25, 2014 04:44 PM

    yes..



  • 6.  RE: User mac auth with respective AP name

    EMPLOYEE
    Posted Sep 25, 2014 09:18 PM

    Try something like this.


    First create a custom Endpoint attribute. (Administration > Attributes > Add)

    That will be the name of the AP that you manually add.

     

    ENDPOINT_ALLOWED-LOCATION.PNG

     

    Then in your enforcement policy:

     

    ENDPOINT_ALLOWED-LOCATION-enf.png