Re: SSID with Both MAC auth and 802.1x in ClearPass (Airheads Community Subscription Update)


@darin-williams wrote:
I am new to ClearPass, so I am still feeling my way around the product. I am wondering why a rule couldn't be added to the enforcement policy to look at the mac address and then push the action to allow access if it is a match. If you have a lot of devices this would be ideal. For example the rule below:

Conditions
(Connection:Client-Mac-Address-Colon EQUALS xx:xx:xx:xx:xx:xx)

Actions
[Allow Access]

Thanks,

Darin T. Williams
Network Engineer
University of Nebraska Computing Services
225 Nebraska Hall
Lincoln, Nebraska 68588-0521
email: dtwilliams@nebraska.edu
phone: 402.472.5884 cell:402.570.8293

From: Community Mailer >
Date: Thursday, September 17, 2015 at 8:02 AM
To: Darin >
Subject: Re: SSID with Both MAC auth and 802.1x in ClearPass (Airheads Community Subscription Update)


Hi darin-williams,

pmauretti (New Member) posted a new Reply in Higher Education on 09-17-2015 06:02 AM :

Browsing from your phone? Don't forget to download the Airheads Community App?
________________________________

Re: SSID with Both MAC auth and 802.1x in ClearPass

Just spitballing here, but is there any product/configuration that would allow you to integrate those MAC addresses into the same database that your .1X devices authenticate off of? Whereas .1X is used primarily via cert/credentials, a pre-registered device could match against an AD object associated with it, say.



Not sure if it's possible, but the thought occurred to me.

We are doing that with the registered mac addresses marked as Known and tagged with Username, etc. in the Endpoints database built in to ClearPass Policy Manager.


Bruce Osborne - Wireless Engineer
ACCP, ACMP

All opinions written here are my own and do not necessarily reflect the views and opinions of my employer or Aruba Networks