How To Set MAC Caching/Authentication Expiry Date To End Of Current Month?
Cache mac address of users from any day of current month till end of current month.
- For ClearPass MAC caching flow, by default mac caching expiry values will be stored in Endpoint field: MAC-Auth Expiry which is a date-time type field.
- In order to set MAC-Auth Expiry value to end of current month, we need to utilize following SQL query:
select (date_trunc('month', localtimestamp(0)) + interval '1 month - 1 day'+ interval '1 days') as eom;
- For example, if current date of the server is 17-Apr-2019 12:22:00 then using above query, we will get output datetime = 01-May-2019 00:00:00
Note: Endpoint field MAC-Auth Expiry has data type of "date-time". Hence, we need to make sure that if we are storing any data in this particular field, it should be in date-time format like mentioned above.
- We will be adding this custom query in [Time Source] source as a new filter
- Navigate to Policy manager>Configuration>Authentication>Sources>Click in [Time Source]>Attributes>Add more filters
- In order to use this filter, we could create entity update enforcement profile
- Go to Policy manager>Configuration>Enforcement>Profiles>Add Profile>Template:ClearPass Entity Update Enforcement
- Now we could use this newly created profile in our existing service to store MAC-Auth Expiry values in endpoint post successful captive portal authentication by users.
- Or we could edit existing profile that is responsible for storing MAC-Auth Expiry values and replace the value as mentioned above in screenshot.
Note: We are fetching this values from Time Source during Authorization phase. It is mandatory to have [Time Source] as authorization source in MAC caching service (service which will be used to categorize captive portal logins from users).
- Access tracker snippets: