Security

Hello,

I am using CPPM 6.3.1 and want to create authentication for a printer, or any headless devices. 

First I create the device in Guest:

 

In CPPM Authentication Sources only [Guest Device Repository] and [Guest User Repository] are used. 

Assign role TIPS-HEADLESS if SponsorName EXIST  

 

Enforcement to return the HEADLESS role to controller

 

PROBLEM: the printer has never hit TIPS-HEADLESS role

Thanks.

 

 

 

You need to do the guest device repository on a RADIUS MAC authentication
service. Do you have a MAC check service?

Tim,

Thanks for quick reply. Yes that is my problem. MAC AUTH added, and it works!!!!

 

You should really separate out your MAC auth and web auth into separate
services.

You can use the service template "guest access with MAC caching" to do
this.

Tim,

I am very approciated you advice.  If you don’t mind, I’d like to follow up with a question: I am using guest to connect and authorize wireless printer.  Can I move printer to different VLAN after it was authenticated? 

 

Best Regards,

 

With a MAC auth, yes.

 

There are two ways of doing this:

 

1) Create a printer user-role on the controller and attach a VLAN to it.

2) Return a VLAN ID or VLAN name with an enforcement profile in your enforcement policy.

 

 

Score again.  Thanks Tim.

 

I use #2, return VLAN ID from CPPM.  First an atribute "Aruba-User-Vlan" must be added to server group at the controller, then add VLAN ID to Enforcement profile.  Works like a champ!!!