Security

Reply
Occasional Contributor II
Posts: 78
Registered: ‎06-03-2014

Unable to get Profile

what i am trying to achieve is to only allow authorized ipad user via mac address as well as windows client to collect to the wireless. 

 

the problem i have now is that CPPM can only get the mac address of the devices when a device tries to connect. It can't get the profile of the device. It seems like only when the client get connected then the profile appear. is there any solution to it? thanks

Aruba
Posts: 1,528
Registered: ‎06-12-2012

Re: Unable to get Profile

You need to enable profiller in your service.

 

In your enforcement you need to set a rule that states device profile is unknown allow limited access. Most just allow DHCP and DNS. Once the device gets profiled it will bounce the user and they will then reconnect and the profile will be present. 

 

Screen Shot 2014-11-28 at 4.12.39 AM.png

 

 

 

Screen Shot 2014-11-28 at 4.07.13 AM.png

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Occasional Contributor II
Posts: 78
Registered: ‎06-03-2014

Re: Unable to get Profile

hi thanks for the solution, but i can only try next Monday. please bare with me for a couple of questions.

 

1) can i say that in order to get profiled, the client has to get an IP address?

2) inside the 'Unknown' profile, i just need to return a role with limited access and terminate?

3) is Profiler necessary and don't mind if can summurise the purpose of enabling it? Because even without profiler being enable, i can still can get profile as long as the client is connected.

 

Thanks. 

Aruba
Posts: 1,528
Registered: ‎06-12-2012

Re: Unable to get Profile

1. Yes
2. Yes
3. No but it's the easiest way to know if a device is profiled or not and then bounce when it is profiled. It's a chicken and the egg issues. You must get an IP to be profiled.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Occasional Contributor II
Posts: 78
Registered: ‎06-03-2014

Re: Unable to get Profile

hi, thanks for the reply once again. i am still a bit unclear. please bare with me. 

 

if i selected the profiler tab and configured the same way you did in the service. that means if my device is profiled, the session will be terminated right? so when it's terminated, it will try to connect again? won't this be a kind of loop? keep terminating and keep connecting? 

 

 

Aruba
Posts: 1,528
Registered: ‎06-12-2012

Re: Unable to get Profile

No the way the rule works in the enforcement is that it's looking for devices that are not profiled. Once it's profiled that rule is ignored.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Occasional Contributor II
Posts: 78
Registered: ‎06-03-2014

Re: Unable to get Profile

hi, yes i do know about the enforcement tab, what I meant was the Profiler tab. base on your 'Profiler Tab' sample, am I right to say that as long as it has a profile, do a termination. and once terminated, the client will connect again and will hit the same service. won't it hit this 'Profiler' again? 

sorry am quite confused here.

Aruba
Posts: 1,528
Registered: ‎06-12-2012

Re: Unable to get Profile

Profiler will only trigger once on a device. Once a device is profiled that bounce will not happen again until the device is removed from CPPM either by manual delete or cleanup.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Occasional Contributor II
Posts: 78
Registered: ‎06-03-2014

Re: Unable to get Profile

ok thanks, now I get the picture. but which tab comes first? does it follow the order of how it's being displayed? meaning that profiler comes after enforcement?

if that is the case, in my unknown profile I don't really have to terminate the session right? meaning once I am assigned with a restricted role, i am profiled as the same time. and so I will be terminated via the 'profiler' tab.

my concern is if I were to terminate straight after client get the role, would there be sufficient for the cppm to grab the profile?

or it doesn't matter? it's just termination via the enforcement profile or the profiler.
Aruba
Posts: 1,528
Registered: ‎06-12-2012

Re: Unable to get Profile

Correct. The terminate is triggered by profiler after CPPM gets a copy of the dhcp and the device is profiled. You do not put a terminate in your enforcement.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: