Wireless Access

Reply
Highlighted
Contributor II

ClearPass and non 802 devices

We have a SSID for non 802 devices like gaming consoles on campus.  We use ClearPass portal for users to register these devices via MAC.  We have found that many are registering their 802 devices as well and would like to prevent any 802 device from connecting to this SSID.  Suggestion on how to accomplish this would be appreciated.

Highlighted

Re: ClearPass and non 802 devices

If you know Device Types of those non 802.1X Devices, you could use the Profiler to get rid of all the other Device Types like Smartphones, etc.

 

Another thing could be that you place Sponsored Registration, where a Sponsor must allow registered Devices before they can gain access to the network.

Highlighted
Contributor II

Re: ClearPass and non 802 devices

Can you show me how I would do the first part?  Do not want to get someone bogged down with having to do that all day.

 

THANKS!

Highlighted

Re: ClearPass and non 802 devices

Another possibility is to create an Enforcement Profile where all disallowed Device Types get a "Deny Access Profile".

You can set the rule the way you like with allow or disallow of Device Types.

 

Highlighted
Contributor II

Re: ClearPass and non 802 devices

Can you send me a link on how to do this - just might work.  Thank you

Highlighted

Re: ClearPass and non 802 devices

Have you seen the attachment of my Reply?

There is a picture which shows how to configure.

Highlighted
Contributor I

Re: ClearPass and non 802 devices

When a device authenticates successfully using dot1x, you flag it by setting an attribute in the Endpoint Repository (e.g. Dot1xEnabled = True)

 

Then in your MAC Auth service for the non-dot1x SSID, you check that this attribute does not exist.

 

Other than that I don't see how you can do it, since your non-dot1x service is not capable of detecting dot1x devices (by definition).

Sacha
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: