I'm sure that I'm just missing something here. I would like to add the status condition from my endpoints to my enforcement policy for MAC auth. Is this possible?For instance I would like to manually move the endpoint status to Known and have this be part of my enforcement.Thanks!Jason
If i understand you, you want to change the status of an endpoint by the enforcement policy?If yes, do it by creating post-auth profile and in the rules, add: Status-Update : Endpoint : Knownand then add to your enforcement policy.
This did not work. There is a condition you can use in role mapping or enforcement (where I chose) to match the known/unknown condition of the endpoint.Authentication:MacAuth equals KnownClient (or UnknownClient)I did find this in documentation. It was kind of obscure but a little configuration and testing confirmed my configuration.
Easiest way is to add enforcement profile [Update Endpoint Known] to your enforcement policy.Best, Gorazd
You may already be aware but just in case you are not, you can use mac-auth instead of allow-all-mac-auth auth-source to automatically reject any devices that are not marked "known"
Just to add to this thread with regard to mac authentication. You can utilize the auth method [MAC-AUTHENTICATION] vs the [ALLOW ALL MAC AUTHENTICATION] to reject any auths that are not from devices that are marked "KNOWN". Alternatively you can use [ALLOW ALL MAC AUTHENTICATION] along with profiling data to select the appropriate enforcements.
© Copyright 2023 Hewlett Packard Enterprise Development LPAll Rights Reserved.