Security

Reply
Occasional Contributor II
Posts: 13
Registered: ‎05-23-2016

Mac caching and unknown Endpoint

Hello Community. 

 

I have a customer how wants to authorize his clients manualy. For that i check in the service if the endpoint is known and we use PEAP. He manualy marks the endpoints as know. That works fine for him.

 

Now we have a problem with mac caching. When a guest logs in the Wifi the Guest is marked as a known device that mac caching works. When i remove the update endpoint from the enforcement policy mac caching is no longer working. 

 

Does anybody has a idea how to realize that?

 

Regards Stefan

 

Guru Elite
Posts: 7,837
Registered: ‎09-08-2010

Re: Mac caching and unknown Endpoint

I'd recommend you look at using the Guest Device Repository for handling
known device registration.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 13
Registered: ‎05-23-2016

Re: Mac caching and unknown Endpoint

Hello, that sounds good. But i don´t understand how i can add a device in Guest User Repository and how can i check this? In CPPM i find nothing. 

Guru Elite
Posts: 7,837
Registered: ‎09-08-2010

Re: Mac caching and unknown Endpoint

Under guest, go to Create Device.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 13
Registered: ‎05-23-2016

Re: Mac caching and unknown Endpoint

Ok, but is it possible to create this automaticly when the guest is authenticaed?

Guru Elite
Posts: 7,837
Registered: ‎09-08-2010

Re: Mac caching and unknown Endpoint

Sorry, looks like we're talking about different things.



You don't have to mark guests as Known. Instead you can change your
MAC-caching service to do Allow All MAC-Auth and remove the Update Endpoint
Known action.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 13
Registered: ‎05-23-2016

Re: Mac caching and unknown Endpoint

I think so. Ok, i have to create a new enforcement Profile an allow all Mac? Is that also a Post_Authentication Endpoint Atribute?

 

 

Guru Elite
Posts: 7,837
Registered: ‎09-08-2010

Re: Mac caching and unknown Endpoint

No, it's the authentication method in your MAC-Auth service.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 13
Registered: ‎05-23-2016

Re: Mac caching and unknown Endpoint

Ok, this is at the moment at Endpoint Repository. And i have to change it to? 

Guru Elite
Posts: 7,837
Registered: ‎09-08-2010

Re: Mac caching and unknown Endpoint

That should be the auth source. Above that, you should have Auth Methods.
Remove MAC Auth and replace with Allow All MAC Auth

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Search Airheads
Showing results for 
Search instead for 
Did you mean: