Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

how to Authenticate 802.1x enabled users using 802.1x service and MAC authentication

  • 1.  how to Authenticate 802.1x enabled users using 802.1x service and MAC authentication

    Posted Jul 02, 2016 04:09 PM

    I have 802.1x-enabled devices, which we need to authenticate using 802.1x and MAC authentication at the same time.

    So if the MAC address is unknown, then put the client in the Guest VLAN.

    And if the MAC address is known, then continue with 802.1x user authentication and posture check.

     

    Thanks

     

    Regards

    Mahmoud



  • 2.  RE: how to Authenticate 802.1x enabled users using 802.1x service and MAC authentication

    EMPLOYEE
    Posted Jul 02, 2016 04:13 PM
    What is your authentication server?
    How will you be maintaining a list of MAC addresses?


  • 3.  RE: how to Authenticate 802.1x enabled users using 802.1x service and MAC authentication

    Posted Jul 02, 2016 04:16 PM

    The authentication server is Active Directory.

    For the MAC addresses, I will enter them manually into the CP endpoint repository.

     

    Regards

    Mahmoud



  • 4.  RE: how to Authenticate 802.1x enabled users using 802.1x service and MAC authentication
    Best Answer

    EMPLOYEE
    Posted Jul 02, 2016 04:19 PM
    So just create a basic 802.1X authentication service, enable authorization, select the Guest Device Repository as an authorization source, then just add in your rules for whether the MAC address is registered in the database.


  • 5.  RE: how to Authenticate 802.1x enabled users using 802.1x service and MAC authentication

    Posted Jul 02, 2016 04:28 PM

    So I just have to edit the same 802.1x service, and there is no need to create another service.

    I will try this and update.

     

    But what if we need to authenticate the non-802.1x-enabled devices over MAC authentication? Then I think I have to create another service for MAC authentication to match the non-802.1x devices, right?