05-19-2016 05:46 AM
Is it possible to update a clearpass guest device registration, expire date, from policy manager.
Right Now I have the expiration set to 1 year after registration when they register. What I would like to do is update the date every time they connect so it is 6 months after last connection. This way as long as they are using the device it never expires. But if they leave, it gets removed after 6 months.
I have not found a way to update the update that field in a post authentication profile. I assume I am not the only one who wants to do this?
Solved! Go to Solution.
05-19-2016 05:50 AM
05-19-2016 05:59 AM
How would you trigger it? can you trigger a "script" or api call in post authentication?
Maybe another way at this is to update the endpoint upon each connect and every 6 months run a script to pull the
endpoint last connect dates and update the guest devices expiration via the guest api? I guess that depends on if the
cpmm has an api to access the endpoints.
05-19-2016 06:01 AM
You essentially create an external context server with actions tied to it. The action in this case would be to update the expiration time.
05-20-2016 07:58 AM
There is actually a post_auth update that will accomplish this without using the API. Configure an enforcement profile like below and add it to the appropriate rules in MAC-auth enforcement policy.
Note that the value is in minutes.