Security

I'm trying to leverage the a policy that uses Authorization:[Guest Device Repository]. There are three name options for said type, AccountStatus, RemainingExpiration, and Sponsor. AccountStatus. I was hoping to use AccountStatus but I'm not sure what values it contains for active/disabled so I've only been able to use "Exists" but I want to be more implicit. Can someone tell me the options or how I can get into the database backend to check the values?

 

Thanks,

 

Rosie

225 = disabled
226 = expired
0 = enabled and valid

As always, thank you for the quick reply Tim. Is that status of the account or of the device? I disabled the device and it is sitll receiving a 0 for accountstatus. I am assuming I asked the wrong question at this point.

The device account. Guest Device Repository is used for device registration (headless, IoT, traditional MAC address registration, etc)

I must just be impatient. Do you know how long it takes for a disabled device to "register" with the enforcement policies? It is behaving as expected now.

It may have been cached.

Tim, 

 

I have a ClearPass Lab environment running CPPM version 6.7.9.109195.

 

I am working through your "Wired Policy Enforcement Solution Guide" and I am stuck in the MAC Authentication Enforcement Policy section of the guide (Page 28). When trying to create the 5th condition, "Authorization: [Guest Device Repository]:Device Account Enabled EQUALS (true), "Device Account Enabled " is not an option in the dropdown menu.

 

I have attached my Enforcement Policy for comparison. Just wanting to verify that my 5th condition is configured correctly. Thanks.