07-21-2015 06:41 AM
A while back I set up a WPA2-PSK network for our comp sciece dept for a batch of raspberry pi's. As thre were only about 17 of them I set up a static mac address list on CPPM to be used for mac-auth and then checked that the dhcp signature said it was a raspberry pi. Only devices that had the shared key, whose mac address we knew about and whose signature said they were raspberry Pis could conect to the network. A RADIUS filter-id attribute passed a string back to the mobility controller to apply a policy to the authenticated session.
I now want to roll out a version of this to our study bedrooms for all the dumb games consoles , TVs plu-ray players and whatever else is out there that only supports WPA2-PSK. The problem is getting the device mac address into a clearpass list.
1). I could just say if ( <favourite games console> ) then Access-Accept with this enforcement policy, but that wouldn't leave us with any accountability.
2). I could write a standalone web page that the user logs into and registers a mac address in an external db ... and set up an auth source that checks calling stationid against external db which I then use in the CPPM service
3). Is there any way of restricting CPPM access for a user to a page that allows you to insert a mac address into a static list?
4). external web page using REST API to get at CPPM?
Solved! Go to Solution.
07-21-2015 06:42 AM - edited 07-21-2015 07:02 AM