Contributor I

Endpoint Attributes when creating device in Guest



if we create a device with the mac_create or mactrack_create form in guest, should we see the selected Account Role ([Employee]) in CPPM at the Endpoint assigned as attribute Guest Role ID (3)?

We see the MAC as Endpoint after being created in uest but it doesn´t have any attributes.


We would like to allow employees to register devices and let those devices authenticate via MAC-AUTH afterwards.

We also run self registered Guest access with sponsor confirmation as well on the same SSID.


As those manually created endpoints don´t have attributes we can´t match on them and allow mac-auth without the captive portal redirect.


What am I missing/misunderstanding?


Clearpass 6.5.5









Guru Elite

Re: Endpoint Attributes when creating device in Guest

You would use the guest device repository as an auth source. Put Guest Device Repository above endpoints repository in your auth source list.

Tim Cappalli | Aruba Security
@timcappalli | | ACMX #367 / ACCX #480
Contributor I

Re: Endpoint Attributes when creating device in Guest

I figured that out right now.


Also needed to add "GuestUser:Role ID  EQUALS  3 = EMPLOYEE" to the role mapping policy.


Thanks a lot,


Search Airheads
Showing results for 
Search instead for 
Did you mean: