Valued Contributor I

CPPM front end to add mac addresses to static host list


A while back I set up a WPA2-PSK network for our comp sciece dept for a batch of raspberry pi's. As thre were only about 17 of them I set up a static mac address list on CPPM to be used for mac-auth and then checked that the dhcp signature said it was a raspberry pi. Only devices that had the shared key, whose mac address we knew about  and whose signature said they were raspberry Pis could conect to the network. A RADIUS filter-id attribute passed a string back to the mobility controller to apply a policy to the authenticated session.


I now want to roll out a version of this to our study bedrooms for all the dumb games consoles , TVs plu-ray players  and whatever else is out there that only supports WPA2-PSK. The problem is getting the device mac address into a clearpass list.


1). I could just say if ( <favourite games console> ) then Access-Accept with this enforcement policy, but  that wouldn't leave us with any accountability.

2). I could write a standalone web page that the user logs into and registers a mac address in an external db ... and set up an auth source that checks calling stationid against external db which I then use in the CPPM service

3). Is there  any way of restricting CPPM access for a user to a page that allows you to insert a mac address into a static list?

4). external web page using REST API to get at CPPM?


Any suggestions?



Guru Elite

Re: CPPM front end to add mac addresses to static host list

There is a full, end-user device registration system built in for exactly this purpose.


Screenshot (15).png

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Valued Contributor I

Re: CPPM front end to add mac addresses to static host list

Ah! That's in a bit I haven't looked at yet :-))
Perhaps a bit more reading required :-))
Search Airheads
Showing results for 
Search instead for 
Did you mean: