The following role mapping works for me, using the Endpoint Repository instead of Endpoint:
(
Authorization:[Endpoints Repository]:Status EQUALS Disabled)
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Nov 03, 2021 03:09 PM
From: Philip Wightman
Subject: Clearpass Endpoints - Known / Unknown / Disabled
Anyone know how to take advantage of the 'Disabled Client' radio button for an endpoint in the Endpoints repository? Such as in my Mac Auth policy, I want to create a role mapping that will be applied in my enforcement to deny access to a client.
I would like to see that 'Disabled Client' as an Endpoint attribute. That however does not seem to be the case. The 'Known client' and 'Unknown Client' I believe can be leveraged in that manner but not 'Disabled Client'. There is no option to role map it like I would for most other attributes.
Thanks in advance!!
------------------------------
Philip Wightman, ACEX (AMFX) #69. Aruba Partner Ambassador
------------------------------