09-12-2016 11:19 AM
When a device connects the first time and it gets fingerprinted and MAC-cached on ClearPass, will it be fingerprinted again the next time it connects?
We want our game console clients to bypass captive portal and self-registration, but we are concerned about MAC spoofing. We are afraid that if a client connects his game console, turns it off, then spoofs the MAC using a laptop, and since it is MAC-cached initially, will ClearPass be fooled?
Will ClearPass fingerprint every time a device connects, or will it not fingerprint a device that is already MAC-cached?
09-12-2016 11:21 AM
The conflict attribute will be triggered. You can write a policy that denies devices with the conflict attribute.
Are you using the device registration portal (guest device repository)?
09-12-2016 11:41 AM
We haven't implemented anything yet except for Guest users going through a captive portal to connect their phones, tablets, laptops, etc. This is using [Guest User Repository] if I am not mistaken.
We are trying to accommodate video game consoles since most of these have no web browser to go through the captive portal. We are thinking that these game consoles will skip the captive portal instead and connect automatically (using the same SSID).
So we expect that ClearPass will fingerprint it and let it connect, but it is just that we are concerned about MAC spoofing. We want to make sure these are real video game consoles.
09-12-2016 11:43 AM
09-12-2016 11:54 AM
Yes, we initially want clients to register their own gaming console, but it seems to be more complicated than we expected (unless there's an easy way). If possible, we want to be able to identify a device and point it to a registered client. However, the leadership want clients to be self-serving as much as possible and not to involve another staff member or receptionist just to register clients' gaming consoles.
Anyway, right now we are looking for the best ClearPass + gaming console setup that suits our needs. We are open to suggestions.
09-12-2016 12:03 PM
I’d recommend using the device registration portal to allow users to register their own device. It’s designed for headless devices like game consoles, printers, media players, etc.
The forms can be completely customized to hide or add whichever fields you want. By default, it will automatically register the device to the user who logs into the portal.
09-12-2016 01:31 PM
Isn't it that this method is to turn each and every student into an operator themselves with just the 'registered a device' option?
I think in order to do this, we have to connect LDAP to ClearPass since ClearPass itself cannot use our RADIUS server.
If not, please direct me to where I can read more about this.