Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass Policy Manager variable equivalent in ClearPass Guest question.

  • 1.  ClearPass Policy Manager variable equivalent in ClearPass Guest question.

    Posted Aug 03, 2017 01:48 PM

    What I am trying to accomplish here is that I want all Game Consoles to skip the captive portal and get internet access only if the MAC address exists in guest devices.

     

    Now looking at Enforcement Policies, I added one below which works fine at least for the first line (Authorization:[Endpoints Repository]:Category EQUALS Game Console) => [Allow Access Profile], but for the second line, (Authorization:[Guest Device Repository]:SponsorName CONTAINS idm), I am not sure if I am doing it right. Is the variable "SponsorName" the same variable in Guest Devices?

    CPPM variable.png

     

    Another question is: in ClearPass Guest, under Home > Guest > Manage Devices, there is a list/table of devices and their IDs and values. Is this the same Guest Device Repository in ClearPass Policy Manager?



  • 2.  RE: ClearPass Policy Manager variable equivalent in ClearPass Guest question.
    Best Answer

    EMPLOYEE
    Posted Aug 03, 2017 02:00 PM

    Yes, they're the same.

     

    The way I recommended leveraging device registration is providing the user a list of device roles: Game Console, Media Player, Printer, etc.

     

    You then use this in policy. You can add profiling data to it as well as a "second check".

     

    Here's a role map and policy example:

    Screen Shot 2017-08-03 at 1.53.58 PM.png

     

    Screen Shot 2017-08-03 at 1.53.44 PM.png

     

    Screen Shot 2017-08-03 at 1.59.53 PM.png

     

    We're working on a Device Registration Configuration Guide. Hope to have it released by the end of the year.

     

     

     



  • 3.  RE: ClearPass Policy Manager variable equivalent in ClearPass Guest question.

    Posted Aug 03, 2017 02:13 PM

    Wow, that's a nice way of doing it. However, I get the device registration from an external IDM that has a script that can push in and/or delete Guest device MAC addresses in ClearPass. It doesn't give that many attributes, but the sponsor of those devices added is cpp_idm. So pretty much what I was doing is <if it is a game console and MAC exists in guest devices and the sponsor contains 'idm' then it gets the internet> ... It's still very simple right now but we'll slowly evolve, and your recommendation is indeed very interesting.

     

    Thanks.



  • 4.  RE: ClearPass Policy Manager variable equivalent in ClearPass Guest question.

    EMPLOYEE
    Posted Aug 03, 2017 03:20 PM

    Yeah! The built-in Device Registration is very powerful and flexible.

     

    Your original SponsorName rule should work fine for the use case you described.