Security

Who Me Too'd this topic

Contributor II

Clearpass guest access portal - MAB - web authentication

Hi Guys,

 

We are implementing guest access to our wired network. So, we have configured 802.1x, MAB (Mac address bypass authentication) in switch ports to authenticate the users connecting to it.

 

So, if a user connects to a switchport and if he fails in both 802.1x and MAB, he is treated as guest user and should be given clearpass guest portal web login page (to create his own account to login).

 

Normally in CISCO ISE, we have an option to use 'If user_not_found in MAB, ISE will not fail MAB, rather it will send redirect url (of ISE guest portal) to switch to ask the user to login to the guest portal page'. [You could refer to page 4 of the attached document)

 

So, in clearpass, do we have an option like 'If the user is failing MAB, the clearpass sends the re-direct url to the switch to make the user login to clearpasss guest portal'? I don't find one because if he is failing MAB, the only option we're left is to use switch's internal web page (web-auth - fallback method for MAB).

 

Any service/enforcement policy needs to be created for this to accomplish? Please help.

 

Thanks,
Bharani.....

 

Who Me Too'd this topic