How do I query the endpoint repository for a device that presents no host mac address?
In my case, Cisco Anyconnect doesn't present this, only a Cisco AVPair of mdm-tlv=device-mac=XX-XX-XX-XX-XX-XX
I want to be able to query its Endpoint EMM attributes (ie. MDM Enabled).
Try this (assuming you're on 6.8.0+):
1. Go to Administration > Server Manager > Server Configuration and select the ClearPass server.2. On the Service Parameters tab, in the Select Service drop-down list select RADIUS server.3. Scroll down to the Main parameters and select yes for the Parse Cisco-AVPair to get device mac option, and then click Save.
Ah thanks Tim. Currently on 6.7.12 - holding back on the 6.8 upgrade to the new year.
Tim, this is great! However it overwrites the insightdb radius_acct.calling_station_id with the mac address of the client. Now it seems I don't have access to the originating IP address of the VPN client unless this is getting written into the endpoints table now?
Update: I looked through the radius_acct, auth, endpoints and I can no longer find the origniating IP address of the client. I guess I'll disable this for now as the originating IP is more important than the MAC for now.
Tim, Can we find a way to get both the MAC and the originating IP?
Trying to leverage this feature. I enabled the option under RADIUS server parameters to parse the Cisco-ACPair for the client's MAC address. Looking at an authentication request from the ASA in my lab (ASA5505), the authentication request includes the Cisco-AVPair mdm-tlv=device-mac, but not device-public-mac.
I see this log in the ClearPass logs.
INFO RadiusServer.Radius - rlm_service: device-public-mac= value not present in any of Cisco-AVPairs
So it looks like ClearPass is parsing for device-public-mac, not device-mac. Is there a specific version I need for this to work.
Running ClearPass 6.9.2
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.