Security

Reply
Occasional Contributor II
Posts: 31
Registered: ‎04-22-2016

Endpoint Attributes when creating device in Guest

[ Edited ]

Hi,

 

if we create a device with the mac_create or mactrack_create form in guest, should we see the selected Account Role ([Employee]) in CPPM at the Endpoint assigned as attribute Guest Role ID (3)?

We see the MAC as Endpoint after being created in uest but it doesn´t have any attributes.

 

We would like to allow employees to register devices and let those devices authenticate via MAC-AUTH afterwards.

We also run self registered Guest access with sponsor confirmation as well on the same SSID.

 

As those manually created endpoints don´t have attributes we can´t match on them and allow mac-auth without the captive portal redirect.

 

What am I missing/misunderstanding?

 

Clearpass 6.5.5

 

Thanks,

Christian

 

 

 

 

 

Guru Elite
Posts: 8,759
Registered: ‎09-08-2010

Re: Endpoint Attributes when creating device in Guest

You would use the guest device repository as an auth source. Put Guest Device Repository above endpoints repository in your auth source list.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 31
Registered: ‎04-22-2016

Re: Endpoint Attributes when creating device in Guest

I figured that out right now.

 

Also needed to add "GuestUser:Role ID  EQUALS  3 = EMPLOYEE" to the role mapping policy.

 

Thanks a lot,

Christian

Search Airheads
Showing results for 
Search instead for 
Did you mean: