Up till now, when processing wired authentication requests, I've used an Authentication source that extracts the vlan a client device needs to be on from a remote MSSQL database and passes this back in the RADIUS Access-Accept packet. Given the fact that CPPM doesn't support db connection pooling and some concerns about the resilience/reliability of our MSSQL database, we've decided to look at another way of doing this.
The current plan is to add an attribute to an endpoints database entry called "UoY VLAN" which, if not 0, will be the numeric vlan the client needs to be in after a successful auth. I've got most of this service implemented but:
1) Having created an endpoints entry and added UoY VLAN to it with an appropriate value, my corresponding Enforcement policy needs to send back UoY VLAN to the switch. I *think* that I need to set up an authentication source that returns the value of the UoY VLAN attribute associated with an endpoint entry, due to the fact that when trying to assign a value to Tunelled-Private-Group-Id, it only shows Auth Source items in the dropdown list, and explicitly setting it to %{Authorization:[Endpoints Repository]:UoY VLAN} generated an error.
If I do need to create an auth source, what would be the format for grabbing a locally defined endpoint attribute? It's going to be some form of select statement with the client mac address as the primary key, I'd guess.
2) Obviously we're not going to update our entire endpoint db by hand. Given the fact that we can use appadmin to remotely access the back-end database, what we'd like to do is set up a trigger on our IPAM db so that when something changes (add device, move dev onto another vlan, delete device etc.) we can update the endpoint UoY VLAN attribute as appropriate. Where can I find the db schema for CPPM 6.5 and what might the format of an update statement be?
Rgds
Alex