Hi Cappalli,
If we use device registration portal(I assume guest device repository) then user can authenticate by using any mac address which available in guest device repository but arubabiggnier has already mentioned his requirement with example as below
For eg,
Wifiuser1 is associated with mac1. Wifiuser1 can only log into the mobile device with the mac address mac1. He cannot log into other mobile devices.
I found easiest way to use Endpoint repository to achive this requirement
Steps as below
1) Create Enforcement profile with Clearpass entity update enforcement
Enforcement profile name is Endpoint_Username_Update
Type : Endpoint
Name : Username
Value : %{Authentication:Username}
Then Create Policy Condition as below
1) (Authorization:[Endpoints Repository]:MAC Vendor NOT_EXISTS )
Enfrcement Profile : [Aruba Terminate Session], Endpoint_Username_Update
With above condition, Client user name/id will be added in endpoint repository with associated mac address after first time successfully authentication and client will automatically disconnect and connect again due to Aruba termination session enforcement profile but this time client will getiing apply below condition as first condition will not match.
2) (Endpoint:Username EQUALS %{Authentication:Username})
Enfrcement Profile : [Allow Access Profile]
with above condition Wifiuser1 is associated with mac1. Wifiuser1 can only log into the mobile device with the mac address mac1. He cannot log into other mobile devices.
Regards,
Milind Yashwantrao