Wireless Access

Within CPPM, is there a way to define a role mapping for all smartdevices (Andriod, iOS, Blackberry)? I try the following an it's not working.

 

Authorization:[Endpoints Repository] Category EQUAL Smartdevice

I can only set it like this and it still not working..

 

OK...i got the setting per your suggesting and it's till not working...

 

If you lookup the device in the endpoint repository, is it profiled?

Profile is "No".

Do you have DHCP relays configured pointing to ClearPass?

No. Not sure where to do that at. Our DHCP are handle by the domain controller.

Wherever your layer 3 interfaces live for the clients, you need to add DHCP relays pointing to the ClearPass servers.

We have the DHCP relay point to our DHCP server currently. If I were to change that to Clearpass would that break DHCP to my Domain controller who is handling out the IP? How is that suppose to fix DeviceFinger printing of SmartDevices?

You would add the relay in addition to the one pointing to your DHCP server. It will not break DHCP. You need this for profiling. There are other ways but they are not as "instant".

Under "Services", do i need to check "Profile Endpoints"?

 

You can, yes, but you still need to add DHCP relays.

Yes. I have already added an additional DHCP relay under my switch/router SVI to point to CPPM. Still no dice.

 

The "enable profiler is enable.

 

 

Also, I am seeing device being profile:

 

 

 

 

Just not sure why my role mapping is not working:

 

 

 

because the Category is embedded and not smart device. try with something like an iPhone or Galaxy phone.