Security

Reply
Contributor I

Endpoint Attributes when creating device in Guest

Hi,

 

if we create a device with the mac_create or mactrack_create form in guest, should we see the selected Account Role ([Employee]) in CPPM at the Endpoint assigned as attribute Guest Role ID (3)?

We see the MAC as Endpoint after being created in uest but it doesn´t have any attributes.

 

We would like to allow employees to register devices and let those devices authenticate via MAC-AUTH afterwards.

We also run self registered Guest access with sponsor confirmation as well on the same SSID.

 

As those manually created endpoints don´t have attributes we can´t match on them and allow mac-auth without the captive portal redirect.

 

What am I missing/misunderstanding?

 

Clearpass 6.5.5

 

Thanks,

Christian

 

 

 

 

 

Guru Elite

Re: Endpoint Attributes when creating device in Guest

You would use the guest device repository as an auth source. Put Guest Device Repository above endpoints repository in your auth source list.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor I

Re: Endpoint Attributes when creating device in Guest

I figured that out right now.

 

Also needed to add "GuestUser:Role ID  EQUALS  3 = EMPLOYEE" to the role mapping policy.

 

Thanks a lot,

Christian

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: