Security

Reply
Frequent Contributor I

ClearPass Policy Manager variable equivalent in ClearPass Guest question.

What I am trying to accomplish here is that I want all Game Console to skip captive portal and get internet access only if the mac address exists in guest devices. 

 

Now looking at Enforment Policies, I added one below which works fine at least for the first line (Authorization:[Endpoints Repository]:Category  EQUALS  Game Console) => [Allow Access Profile] but for the second line ,  (Authorization:[Guest Device Repository]:SponsorName  CONTAINS  idm) I am not sure if I am doing it right. Is the variable "SponsorName" the same varialbe in Guest Devices?          

CPPM variable.png

 

Another question is, in ClearPass Guest.. under Home>Guest>Manage Devices is a list/table of devices and their id and values... is this the same Guest Device Repository in CleaPass Policy Manager?

Guru Elite

Re: ClearPass Policy Manager variable equivalent in ClearPass Guest question.

Yes, they're the same.

 

The way I recommended leveraging device registration is providing the user a list of devices roles: Game Console, Media Player, Printer, etc.

 

You then use this in policy. You can add profiling data to it as well as a "second check".

 

Here's a role map and policy example:

Screen Shot 2017-08-03 at 1.53.58 PM.png

 

Screen Shot 2017-08-03 at 1.53.44 PM.png

 

Screen Shot 2017-08-03 at 1.59.53 PM.png

 

We're working on a Device Registration Configuration Guide. Hope to have it released by the end of the year.

 

 

 


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I

Re: ClearPass Policy Manager variable equivalent in ClearPass Guest question.

Wow that's a nice way of doing it. However, I get the device registration from an external IDM that has a script that can push in and/or deletes Guest device  MAC addresses in ClearPass. It doesn't give that much attribute but the sponsor of those device added is cpp_idm. So pretty much what I was doing is <if it is a game console and mac exist in guest devices and the sponsor contains 'idm' then it gets the internet> ... It's still very simple right now but we'll slowly evolve  and your reccomendation is indeed very interesting.

 

Thanks.

Guru Elite

Re: ClearPass Policy Manager variable equivalent in ClearPass Guest question.

Yeah! The built in Device Registration is very powerful and flexible.

 

Your original SponsorName rule should work fine for the use case you described.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: