Security

 View Only

  • 1.  MAC authentication initial role

    Posted Nov 24, 2016 06:21 PM

    Just troubleshooting an issue where I'm unable to connect to a network that uses ClearPass to do basic MAC auth against the endpoints repository.

     

    What should the 'initial role' be set to in the AAA policy? Should this allow DHCP etc so the client can associate properly?

    Currently the initial role is 'denyall', which doesn't seem right?

    Should it be possible to see user's that are in the denyall role with 'show user-table'?



  • 2.  RE: MAC authentication initial role

    Posted Nov 24, 2016 06:35 PM
    If using an external server, the initial role should be set for use with a deny.

    For example, in a guest workflow, this may be the guest registration role.


  • 3.  RE: MAC authentication initial role

    Posted Nov 24, 2016 07:45 PM

    Sure, but would you expect 'denyall' to be an appropriate initial role?



Related Content