Dell PowerConnect W Clearpass 100 Software 3.7 Deployment Guide - Page 217
Importing MAC Devices, Advanced MAC Features, 2-Factor Authentication, MAC-Based Derivation of Role
View all Dell PowerConnect W Clearpass 100 Software manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 217 highlights
Importing MAC Devices The standard Guests > Import Guests supports importing MAC devices. At a minimum the following two columns are required: mac and mac_auth. mac_auth,mac,notes 1,aa:aa:aa:aa:aa:aa,Device A 1,bb:bb:bb:bb:bb:bb,Device B 1,cc:cc:cc:cc:cc:cc,Device C Any of the other standard fields can be added similar to importing regular guests. Advanced MAC Features 2-Factor Authentication 2-factor authentication checks against both credentials and the MAC address on record. Tying the MAC to the visitor account will depend on the requirements of your deployment. In practice you would probably add mac as a text field to the create_user form. When mac is enabled in a self-registration it will be included in the account as long as mac is passed in the URL. Relying on self-registration may defeat the purpose of two-factor authentication, however. The 2-factors are performed as follows: 1. Regular RADIUS authentication using username and password 2. Role checks the user account mac against the passed Calling-Station-Id. Edit the user role and the attribute for Reply-Message or Aruba-User-Role. Adjust the condition from Always to Enter conditional expression. return !MacEqual(GetAttr('Calling-Station-Id'), $user['mac']) && AccessReject(); There is an alternative syntax where you keep the condition at Always and instead adjust the Value.