Security

Reply
Highlighted
Frequent Contributor II

ClearPass Enforcement Policy Guest Device Repository

I'm trying to leverage the a policy that uses Authorization:[Guest Device Repository]. There are three name options for said type, AccountStatus, RemainingExpiration, and Sponsor. AccountStatus. I was hoping to use AccountStatus but I'm not sure what values it contains for active/disabled so I've only been able to use "Exists" but I want to be more implicit. Can someone tell me the options or how I can get into the database backend to check the values?

 

Thanks,

 

Rosie


Accepted Solutions
Highlighted
Moderator

Re: ClearPass Enforcement Policy Guest Device Repository

225 = disabled
226 = expired
0 = enabled and valid


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post


All Replies
Highlighted
Moderator

Re: ClearPass Enforcement Policy Guest Device Repository

225 = disabled
226 = expired
0 = enabled and valid


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post

Highlighted
Frequent Contributor II

Re: ClearPass Enforcement Policy Guest Device Repository

As always, thank you for the quick reply Tim. Is that status of the account or of the device? I disabled the device and it is sitll receiving a 0 for accountstatus. I am assuming I asked the wrong question at this point.

Highlighted
Moderator

Re: ClearPass Enforcement Policy Guest Device Repository

The device account. Guest Device Repository is used for device registration (headless, IoT, traditional MAC address registration, etc)


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Frequent Contributor II

Re: ClearPass Enforcement Policy Guest Device Repository

I must just be impatient. Do you know how long it takes for a disabled device to "register" with the enforcement policies? It is behaving as expected now.

Highlighted
Moderator

Re: ClearPass Enforcement Policy Guest Device Repository

It may have been cached.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
New Contributor

Re: ClearPass Enforcement Policy Guest Device Repository

Tim, 

 

I have a ClearPass Lab environment running CPPM version 6.7.9.109195.

 

I am working through your "Wired Policy Enforcement Solution Guide" and I am stuck in the MAC Authentication Enforcement Policy section of the guide (Page 28). When trying to create the 5th condition, "Authorization: [Guest Device Repository]:Device Account Enabled EQUALS (true), "Device Account Enabled " is not an option in the dropdown menu.

 

I have attached my Enforcement Policy for comparison. Just wanting to verify that my 5th condition is configured correctly. Thanks.  

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: