04-14-2014 02:37 PM
I am using CPPM 6.3.1 and want to create authentication for a printer, or any headless devices.
First I create the device in Guest:
In CPPM Authentication Sources only [Guest Device Repository] and [Guest User Repository] are used.
Assign role TIPS-HEADLESS if SponsorName EXIST
Enforcement to return the HEADLESS role to controller
PROBLEM: the printer has never hit TIPS-HEADLESS role
Solved! Go to Solution.
04-14-2014 02:40 PM
04-14-2014 03:02 PM
You can use the service template "guest access with MAC caching" to do
04-15-2014 09:15 AM
I am very approciated you advice. If you don’t mind, I’d like to follow up with a question: I am using guest to connect and authorize wireless printer. Can I move printer to different VLAN after it was authenticated?
04-15-2014 09:34 AM
With a MAC auth, yes.
There are two ways of doing this:
1) Create a printer user-role on the controller and attach a VLAN to it.
2) Return a VLAN ID or VLAN name with an enforcement profile in your enforcement policy.
04-15-2014 11:30 AM - edited 04-15-2014 11:31 AM
Score again. Thanks Tim.
I use #2, return VLAN ID from CPPM. First an atribute "Aruba-User-Vlan" must be added to server group at the controller, then add VLAN ID to Enforcement profile. Works like a champ!!!