Frequent Contributor II

MAC authentication

I need a clarification for MAC authentication:  Is it possible for CPPM to know a device's OS when using MAC authentication?  There is no profiliing since there is no user authentication.  The controllers ID's the devices properly but I can't get CPPM to use that information for role assignments.


I'm working with TAC but I'm not sure I've explained it correctly to them.  I keep seeing ChromeOS in traces but they say they don't see it in the traces.  CPPM does not indicate in the 'input' tab anything to indicate the OS of the device when using MAC authentication.

MVP Guru

Re: MAC authentication

What you need to do is enabled to profile Endpoints:


2015-01-08 09_23_32-ClearPass Policy Manager - Aruba Networks.png


Then at end of your profile add that if is not profiled to dumb it in "PROFILING VLAN or ROLE"

2015-01-08 09_22_54-ClearPass Policy Manager - Aruba Networks.png

And then it will get CoA by the Profiler

2015-01-08 09_23_15-ClearPass Policy Manager - Aruba Networks.png


Make sure you enabled CoA on the controller

2015-01-08 09_26_36-Authentication Profiles.png


Thank you

Victor Fabian
Lead Mobility Architect @WEI
Guru Elite

Re: MAC authentication

You can set up a role map that uses the controller's profile. This can be beneficial if you don't want to wait for the device to profile and force them to reauth again.





| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
Showing results for 
Search instead for 
Did you mean: