ClearPass RADIUS response for AirGroup AP-Group and AP-Name
01-09-2019 05:00 PM
I have a requirement where my AirGroup devices (AirPrint in most cases) are on a hard-wired VLAN, so the location-based AirGroup features don't apply to us.
Additionally, we didn't want the administrative overhead of adding all the printers to ClearPass Guest as AirGroup devices by our printer admin staff, since our printers are already in our LDAP directory.
To accomplish my objective, I wanted to have an additional "airgroup-ap-name" attribute in LDAP for my AirPrint printers, and have this AP-Name returned to the controller in the RADIUS AirGroup reply, via policy from ClearPass Policy Manager. However, I was not finding any documentation on how to accomplish what I needed without using ClearPass Guest as my device repository.
While support didn't exactly have the answer, I decided to revert back to using ClearPass Guest to see what RADIUS responses were being sent to the client from ClearPass Guest device repository. Upon doing so, I see that the Radius:Aruba:Aruba-Location-Id text/string attribute can be set to one of:
(where "airgroup_ap_name" or "airgroup"ap_group" is replaced with the AP/group name nearest the AirGroup server).
Hope this is helpful for others using nonstandard device repository for AirGroup.