Security

Reply
Highlighted
Contributor I

CPPM Endpoint attribute allow multiple

I am using [Last Known Location] default attribute in the endpoint database to store the last authenticated location for wireless and wired devices using appropriate NAS fields from RADIUS.  I want to include some sort of audit trail for wired devices as they move around campus, so I made a copy of this attribute in the dictionary and called it AllKnownLocations with Allow Multiple set to "Yes".

 

I thought that this would cause new copies of the attribute to be created when it returned during authentication, but that is not how it is working...it is overwriting the last value just as it does for [Last Known Location].  Has anybody else done this?  Is Allow Multiple only for manual attribute changes?


Accepted Solutions
Highlighted

Re: CPPM Endpoint attribute allow multiple

Hello,

 

The allow multiple will allow you to add multiple attributes that are entered manually or passed thorough an entity update (post auth update).  But when you update an allow multiple attribute with a single string, it will override the existing data with the new string and will not append the new string to the existing data.

 

Allow multiple is meant for you to pass multiple strings/data through an update and not to insert a new string with the existing data. I hope this clears the usage.

You should consider using an NMS or export authentication logs (Syslog log) to an external server for tracking. Insight reporting may also help.

 

 


Thank you,
Saravanan

**Did something you read in the Community solve a problem for you? If so, click "Accept as Solution" in the post.
NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.

View solution in original post


All Replies
Highlighted

Re: CPPM Endpoint attribute allow multiple

Dear, 

 

Allow multiple is applicable for list type data type. Since Last known location is string, Allow multiple is not applicable




ACMP / ACSP / ACCP / ACEP / ACDX # 663
CCIE R/S - 37956
Highlighted
Moderator

Re: CPPM Endpoint attribute allow multiple

No, this is not possible. This is really an NMS function.



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted

Re: CPPM Endpoint attribute allow multiple

Dear Tim,

Lets consider the scenario in which i want to add usernames to the
endpoint. To know which user used a particular endpoint.

I have tried but entity update couldn't do it.

Whats the purpose and use case of allow multiple then?



ACMP / ACSP / ACCP / ACEP / ACDX # 663
CCIE R/S - 37956
Highlighted

Re: CPPM Endpoint attribute allow multiple

Hello,

 

The allow multiple will allow you to add multiple attributes that are entered manually or passed thorough an entity update (post auth update).  But when you update an allow multiple attribute with a single string, it will override the existing data with the new string and will not append the new string to the existing data.

 

Allow multiple is meant for you to pass multiple strings/data through an update and not to insert a new string with the existing data. I hope this clears the usage.

You should consider using an NMS or export authentication logs (Syslog log) to an external server for tracking. Insight reporting may also help.

 

 


Thank you,
Saravanan

**Did something you read in the Community solve a problem for you? If so, click "Accept as Solution" in the post.
NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.

View solution in original post

Highlighted

Re: CPPM Endpoint attribute allow multiple

Thanks Saravanan,

That makes sense. Is there any usecase which you can share in which we are
able to pass multiple values for entity update?



ACMP / ACSP / ACCP / ACEP / ACDX # 663
CCIE R/S - 37956
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: