Security

Our company was recently preparing to deploy the Clearpass and is now in trouble.  Since there are many devices like Avaya phone that cannot be 802.1x certified, and  establishing MAB certification is a huge challenge for us. And we cannot confirm which port it conected, So we can't cancel the configuration of authentication on the switch interface. How do I set up admission based on the type of device? Its purpose is to authenticate devices like Avaya phones that cannot perform 802.1x.

------------------------------
Hevin Huo
------------------------------

Start here:  https://asp.arubanetworks.com/downloads/documents/RmlsZTpmMDY3Y2UwYS1lNmZiLTExZWEtYjFjMi0zYmZjN2Y0MzMxNDI%3D

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------

Original Message:
Sent: Apr 28, 2022 11:14 PM
From: Hevin Huo
Subject: How Clearpass sets up authentication based on device type

Our company was recently preparing to deploy the Clearpass and is now in trouble.  Since there are many devices like Avaya phone that cannot be 802.1x certified, and  establishing MAB certification is a huge challenge for us. And we cannot confirm which port it conected, So we can't cancel the configuration of authentication on the switch interface. How do I set up admission based on the type of device? Its purpose is to authenticate devices like Avaya phones that cannot perform 802.1x.

------------------------------
Hevin Huo
------------------------------

You can try - Connection: Client-Mac-Vendor equals AVAYA = Role mapping...

------------------------------
Larry Simanek
------------------------------

Original Message:
Sent: Apr 28, 2022 11:14 PM
From: Hevin Huo
Subject: How Clearpass sets up authentication based on device type

Our company was recently preparing to deploy the Clearpass and is now in trouble.  Since there are many devices like Avaya phone that cannot be 802.1x certified, and  establishing MAB certification is a huge challenge for us. And we cannot confirm which port it conected, So we can't cancel the configuration of authentication on the switch interface. How do I set up admission based on the type of device? Its purpose is to authenticate devices like Avaya phones that cannot perform 802.1x.

------------------------------
Hevin Huo
------------------------------

here is the screenshot for it.



------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
------------------------------

Original Message:
Sent: May 03, 2022 10:36 AM
From: Larry Simanek
Subject: How Clearpass sets up authentication based on device type

You can try - Connection: Client-Mac-Vendor equals AVAYA = Role mapping...

------------------------------
Larry Simanek

Original Message:
Sent: Apr 28, 2022 11:14 PM
From: Hevin Huo
Subject: How Clearpass sets up authentication based on device type

Our company was recently preparing to deploy the Clearpass and is now in trouble.  Since there are many devices like Avaya phone that cannot be 802.1x certified, and  establishing MAB certification is a huge challenge for us. And we cannot confirm which port it conected, So we can't cancel the configuration of authentication on the switch interface. How do I set up admission based on the type of device? Its purpose is to authenticate devices like Avaya phones that cannot perform 802.1x.

------------------------------
Hevin Huo
------------------------------

We set up a role for our avaya voip phones. Then we created a role mapping (Authorization:[Endpoints Repository]:MAC Vendor  EQUALS  Avaya Inc). Then we created a wired mac auth policy that allowed the avaya voip phone and applied the "allow access" profile when a phone was plugged in. 

This should give you a start

------------------------------
Jason Tucker
------------------------------

Original Message:
Sent: Apr 28, 2022 11:14 PM
From: Hevin Huo
Subject: How Clearpass sets up authentication based on device type

Our company was recently preparing to deploy the Clearpass and is now in trouble.  Since there are many devices like Avaya phone that cannot be 802.1x certified, and  establishing MAB certification is a huge challenge for us. And we cannot confirm which port it conected, So we can't cancel the configuration of authentication on the switch interface. How do I set up admission based on the type of device? Its purpose is to authenticate devices like Avaya phones that cannot perform 802.1x.

------------------------------
Hevin Huo
------------------------------

thats the way to do it, also remember to use Endpoints: Conflict flag which indicates a change in the device category, in your enforcement policy.

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
------------------------------

Original Message:
Sent: May 03, 2022 07:13 PM
From: Jason Tucker
Subject: How Clearpass sets up authentication based on device type

We set up a role for our avaya voip phones. Then we created a role mapping (Authorization:[Endpoints Repository]:MAC Vendor  EQUALS  Avaya Inc). Then we created a wired mac auth policy that allowed the avaya voip phone and applied the "allow access" profile when a phone was plugged in. 

This should give you a start

------------------------------
Jason Tucker

Original Message:
Sent: Apr 28, 2022 11:14 PM
From: Hevin Huo
Subject: How Clearpass sets up authentication based on device type

Our company was recently preparing to deploy the Clearpass and is now in trouble.  Since there are many devices like Avaya phone that cannot be 802.1x certified, and  establishing MAB certification is a huge challenge for us. And we cannot confirm which port it conected, So we can't cancel the configuration of authentication on the switch interface. How do I set up admission based on the type of device? Its purpose is to authenticate devices like Avaya phones that cannot perform 802.1x.

------------------------------
Hevin Huo
------------------------------