Security

last person joined: 22 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Endpoint Attributes when creating device in Guest

This thread has been viewed 6 times

  • 1.  Endpoint Attributes when creating device in Guest

    Posted Apr 22, 2016 06:02 AM

    Hi,

     

    if we create a device with the mac_create or mactrack_create form in guest, should we see the selected Account Role ([Employee]) in CPPM at the Endpoint assigned as attribute Guest Role ID (3)?

    We see the MAC as Endpoint after being created in uest but it doesn´t have any attributes.

     

    We would like to allow employees to register devices and let those devices authenticate via MAC-AUTH afterwards.

    We also run self registered Guest access with sponsor confirmation as well on the same SSID.

     

    As those manually created endpoints don´t have attributes we can´t match on them and allow mac-auth without the captive portal redirect.

     

    What am I missing/misunderstanding?

     

    Clearpass 6.5.5

     

    Thanks,

    Christian

     

     

     

     

     



  • 2.  RE: Endpoint Attributes when creating device in Guest
    Best Answer

    EMPLOYEE
    Posted Apr 22, 2016 08:05 AM
    You would use the guest device repository as an auth source. Put Guest Device Repository above endpoints repository in your auth source list.


  • 3.  RE: Endpoint Attributes when creating device in Guest

    Posted Apr 22, 2016 09:12 AM

    I figured that out right now.

     

    Also needed to add "GuestUser:Role ID  EQUALS  3 = EMPLOYEE" to the role mapping policy.

     

    Thanks a lot,

    Christian