Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass MAC caching for specific devices

  • 1.  ClearPass MAC caching for specific devices

    Posted Mar 16, 2015 07:21 PM

    Hello

    We have got self-registration with ClearPass Guest.

    It has MAC caching of 1 day for every device.

    Is it possible to do a MAC caching that does not expire for 5 different devices, and for the rest keep the 1 day of MAC caching?

    If so, how can you do it?

    For now I just have the 1-day MAC caching created with the template.

     

    Cheers

    Carlos



  • 2.  RE: ClearPass MAC caching for specific devices

    EMPLOYEE
    Posted Mar 16, 2015 07:30 PM

    Couple of ways to do it.

     

    You can change the role of the guest user to [Contractor] and then in the enforcement change the [Contractor] caching to x days.

     

    For individual devices you could give the Endpoint a specific attribute, then in your Role Mapping, map the attribute to the [Contractor] role.



  • 3.  RE: ClearPass MAC caching for specific devices

    Posted Mar 16, 2015 07:37 PM

    I think the first way you mention is the easiest way to do it.

    Thanks, I'll try that.

     

    Cheers

    Carlos



  • 4.  RE: ClearPass MAC caching for specific devices

    Posted Mar 16, 2015 07:39 PM

    Question

    How can you set the MAC caching time so that it does not end?

    You can put less than one day or less than 2 days, etc., but with which parameter can you set it so it has no end?

     

    Cheers

    Carlos



  • 5.  RE: ClearPass MAC caching for specific devices

    Posted Mar 16, 2015 09:35 PM

    All you need to do is the following:

    - Use the static host list with the MAC addresses of the devices you would like to bypass the 1-2 days MAC caching

    - Once the device registers, add the post-enforcement profile to update the status to known on the MAC caching enforcement policy

    - Then on the MAC authentication policy use the following logic:

    If the device belongs to the Static Host List and is known, then allow access, and put this at the top of your rule list.



  • 6.  RE: ClearPass MAC caching for specific devices

    Posted Mar 18, 2015 05:46 PM

    Hello

    Thanks for all your feedback.

    What I need is something really simple that the client can do himself, so he can add new devices himself to this "rule" that bypasses the MAC caching.

    As far as I can see, Michael Clark's solution seems the easiest, as you just need to change the role for that user.

    To make it forever, would this rule work fine?

    Does a 0 value mean unlimited days? I mean forever? Does anyone know?

     

    (Tips:Role EQUALS [Contractor])
    AND (Authorization:Guest_TR MAC-Guest-Check:UserName EXISTS  )
    AND (Authorization:[Insight Repository]:Days-Since-Auth LESS_THAN 0)



  • 7.  RE: ClearPass MAC caching for specific devices
    Best Answer

    EMPLOYEE
    Posted Mar 19, 2015 06:00 AM

    Carlos,

    Normally to allow devices to bypass the portal I do the following.

    Let the device connect, then add an attribute to the Endpoint.

    [Screenshot: Endpoint attribute.PNG]

    Add a role mapping for this attribute.

    [Screenshot: Endpoint Role.PNG]

    Then in the enforcement, something like this.

    [Screenshot: Endpoint enforcement.PNG]

    Once you've added the attribute to the Endpoint, just reconnect it.

     

    This method is good for putting things like AppleTVs or digital signage onto the guest network.

     

    There are other ways as Victor mentioned which may be neater.

     

    Hope that helps
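
A simplified model of the approach in post 7 (endpoint attribute, role mapping, bypass rule on top of the 1-day cache), added here as an illustration; it is not part of any post in the thread and is not ClearPass code. The attribute name `PortalBypass`, the profile names, first-applicable rule evaluation and a never-negative Days-Since-Auth are assumptions, and under them the block also evaluates the `LESS_THAN 0` condition quoted in post 6.

```python
# Simplified model of the thread's policy logic; not ClearPass code.
# Assumptions: endpoint attribute "PortalBypass" (hypothetical name),
# first-applicable rule evaluation, Days-Since-Auth is never negative.

def map_roles(endpoint):
    """Role mapping: an endpoint carrying the attribute gets [Contractor]."""
    roles = {"[Guest]"}
    if endpoint["attributes"].get("PortalBypass") == "true":
        roles.add("[Contractor]")
    return roles

def enforce(endpoint, rules):
    """Return the profile of the first matching rule, else the portal."""
    roles = map_roles(endpoint)
    for condition, profile in rules:
        if condition(endpoint, roles):
            return profile
    return "captive-portal"

def within_cache(endpoint, days):
    """True when the MAC last passed guest auth fewer than `days` days ago."""
    age = endpoint["days_since_auth"]  # None = MAC never seen before
    return age is not None and age < days

# Bypass rule on top, then the 1-day MAC cache from the template.
RULES = [
    (lambda ep, roles: "[Contractor]" in roles, "allow-no-expiry"),
    (lambda ep, roles: within_cache(ep, 1), "allow-cached"),
]

# Variant using the condition asked about in post 6 (LESS_THAN 0).
RULES_LT0 = [
    (lambda ep, roles: "[Contractor]" in roles and within_cache(ep, 0),
     "allow-no-expiry"),
    RULES[1],
]

def sample_endpoint(days_since_auth, bypass=False):
    """Build a constructed sample endpoint record."""
    attrs = {"PortalBypass": "true"} if bypass else {}
    return {"attributes": attrs, "days_since_auth": days_since_auth}

if __name__ == "__main__":
    for name, ep in [("signage, 40 days", sample_endpoint(40, bypass=True)),
                     ("laptop, 0 days", sample_endpoint(0)),
                     ("laptop, 3 days", sample_endpoint(3))]:
        print(name, "->", enforce(ep, RULES), "|", enforce(ep, RULES_LT0))
```

In this model the role-only rule admits a tagged device regardless of how long ago it last authenticated, while the `LESS_THAN 0` variant never selects the no-expiry profile and a tagged device falls through to the ordinary 1-day cache or the portal.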



  • 8.  RE: ClearPass MAC caching for specific devices

    Posted Mar 19, 2015 01:57 PM

    Thanks Michael

    That worked pretty well, and the client just needs to add the entry on the attribute for each device under the endpoint repository.

    Seems pretty simple to me.

    I configured it and it's working in my lab.

    Thanks also for the screenshots, those helped me to configure it really fast!

     

    Cheers

    Carlos