Contributor I

Endpoint Attributes when creating device in Guest



if we create a device with the mac_create or mactrack_create form in guest, should we see the selected Account Role ([Employee]) in CPPM at the Endpoint assigned as attribute Guest Role ID (3)?

We see the MAC as Endpoint after being created in uest but it doesn´t have any attributes.


We would like to allow employees to register devices and let those devices authenticate via MAC-AUTH afterwards.

We also run self registered Guest access with sponsor confirmation as well on the same SSID.


As those manually created endpoints don´t have attributes we can´t match on them and allow mac-auth without the captive portal redirect.


What am I missing/misunderstanding?


Clearpass 6.5.5









Guru Elite

Re: Endpoint Attributes when creating device in Guest

You would use the guest device repository as an auth source. Put Guest Device Repository above endpoints repository in your auth source list.

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor I

Re: Endpoint Attributes when creating device in Guest

I figured that out right now.


Also needed to add "GuestUser:Role ID  EQUALS  3 = EMPLOYEE" to the role mapping policy.


Thanks a lot,


Search Airheads
Showing results for 
Search instead for 
Did you mean: