Solutions Tech Lab

Total Posts

Using Static Host List with ClearPass

Published by

Ariya Parsamanesh

on

There are use cases where you need to use a list of hosts (MAC addresses) to provide MAC auth with ClearPass which in most of the cases it is mainly for legacy devices. We’ll start with creating the list.

Once you save it you see it as shown below.

The static host list can be used as an authentication source for a MAC-auth service or an authorization source for an 802.1X service. Here we’ll create an authentication source.

Then you can use it in Authz or better in role-mapping.

Now when we’ll test it with a device that matches the MAC auth service which also matches with the role-mapping entry

Now you can use that role as a condition in your enforcement policy.

Discover more from Solutions Tech Lab

Subscribe to get the latest posts sent to your email.

2 responses to “Using Static Host List with ClearPass”

  1. Bruce Avatar
    Bruce

    I thought that was the purpose of CPPM Guest Devices. Before ClearPass 6.0, we actually used Known Endpoints to do MAC Auth

    Like

    Reply
  2. Ariya Parsamanesh Avatar
    Ariya Parsamanesh

    yes you also have that option. SHL is yet another approach.

    Like

    Reply

Leave a comment

Previous Post
Next Post