Contributor I
Posts: 33
Registered: ‎02-22-2011

ClearPass doesn't show both MAC addresses for AirWatch EMM/MDM devices

We have AirWatch set up as an EndPoint Context Server in ClearPass Policy Manager (CPPM) and have had great success using AirWatch-learned attributes for making access policy decisions in CPPM. We'd like to start using those attributes for wired connections but the CPPM-to-AirWatch API apparently is only learning the wireless MAC address and not the wired MAC. 

 

Anybody have experience with this? Does the ClearPass API implementation need to be updated to pull multiple MAC addresses for each device from AirWatch, or perhaps does AirWatch need to be adjusted to give more info during an API call?

Twitter: @swackhap
Moderator
Posts: 496
Registered: ‎11-09-2012

Re: ClearPass doesn't show both MAC addresses for AirWatch EMM/MDM devices

Hey Patrick,

 

So I've had one of the internal SEs reach out to me as well over this. Basically I need to look in and see if AW is even sending us the additional wired adapter info. Let me check up on this... if I don't get back to you, ping me on email.


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Moderator
Posts: 496
Registered: ‎11-09-2012

Re: ClearPass doesn't show both MAC addresses for AirWatch EMM/MDM devices

So a quick check of the work-file we ingest from my AW test instance only shows a single MAC address. 

 

Just so I'm clear on what's being asked for here, can you lay out what your request is for wired attached devices please?


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

Contributor I
Posts: 33
Registered: ‎02-22-2011

Re: ClearPass doesn't show both MAC addresses for AirWatch EMM/MDM devices

Danny, thanks so much for getting back to me. To make a long story short, we are trying to use the endpoint attributes learned from AirWatch (in this case, the MAC address to trigger the correct wired 802.1x service as well as if the device is compromised and some other things) to prove to ourselves that the device is a legitimate corporate-owned device that is allowed to have internal access to corporate resources. See the attached screenshot for the role-mapping we want to do. Note that we're already successfully doing this for wireless because that wireless MAC address is being pulled by CPPM from AirWatch.

Twitter: @swackhap