Security

A new customer has ClearPass and Aruba IAPs managed by Aruba Central.

They have a requirement for a new Wireless SSID that only permits certain devices to join if their mac address is on a whitelist of sorts.

I have created a new Wireless SSID in Aruba Central with the following

+ Mac Authentication enabled

+ Called Station ID Type: MAC Address

+ Pointed to the ClearPass servers 

How would I go about setting up a Mac Authentication service in ClearPass? I checked the Endpoints Repository and the required devices are already registered there. I'm assuming this can be used as the authentication source, then an additional condition/rule/policy that specifies the mac addresses allowed?

You can use a number of sources for MAC Authentication. You could register the devices via the web portal in Guest known as "Device Registration", and then use the Guest Device Database as your Authentication/Authorization source. The endpoint database can also be used if you want to grab fingerprinted data like OS type or vendor if the device gets profiled. You can also use a static host list to authenticate against.

A new customer has ClearPass and Aruba IAPs managed by Aruba Central.

They have a requirement for a new Wireless SSID that only permits certain devices to join if their mac address is on a whitelist of sorts.

I have created a new Wireless SSID in Aruba Central with the following

+ Mac Authentication enabled

+ Called Station ID Type: MAC Address

+ Pointed to the ClearPass servers 

How would I go about setting up a Mac Authentication service in ClearPass? I checked the Endpoints Repository and the required devices are already registered there. I'm assuming this can be used as the authentication source, then an additional condition/rule/policy that specifies the mac addresses allowed?

If using the Guest Device Database or Endpoint Database as the MAC authentication source. Then how would you specify that only certain devices can join the Wireless SSID?

You can use a number of sources for MAC Authentication. You could register the devices via the web portal in Guest known as "Device Registration", and then use the Guest Device Database as your Authentication/Authorization source. The endpoint database can also be used if you want to grab fingerprinted data like OS type or vendor if the device gets profiled. You can also use a static host list to authenticate against.

A new customer has ClearPass and Aruba IAPs managed by Aruba Central.

They have a requirement for a new Wireless SSID that only permits certain devices to join if their mac address is on a whitelist of sorts.

I have created a new Wireless SSID in Aruba Central with the following

+ Mac Authentication enabled

+ Called Station ID Type: MAC Address

+ Pointed to the ClearPass servers 

How would I go about setting up a Mac Authentication service in ClearPass? I checked the Endpoints Repository and the required devices are already registered there. I'm assuming this can be used as the authentication source, then an additional condition/rule/policy that specifies the mac addresses allowed?