Security

Hello Community. 

 

I have a customer how wants to authorize his clients manualy. For that i check in the service if the endpoint is known and we use PEAP. He manualy marks the endpoints as know. That works fine for him.

 

Now we have a problem with mac caching. When a guest logs in the Wifi the Guest is marked as a known device that mac caching works. When i remove the update endpoint from the enforcement policy mac caching is no longer working. 

 

Does anybody has a idea how to realize that?

 

Regards Stefan

 

I'd recommend you look at using the Guest Device Repository for handling
known device registration.

Hello, that sounds good. But i don´t understand how i can add a device in Guest User Repository and how can i check this? In CPPM i find nothing. 

Under guest, go to Create Device.

Ok, but is it possible to create this automaticly when the guest is authenticaed?

Sorry, looks like we're talking about different things.



You don't have to mark guests as Known. Instead you can change your
MAC-caching service to do Allow All MAC-Auth and remove the Update Endpoint
Known action.

I think so. Ok, i have to create a new enforcement Profile an allow all Mac? Is that also a Post_Authentication Endpoint Atribute?

 

 

No, it's the authentication method in your MAC-Auth service.

Ok, this is at the moment at Endpoint Repository. And i have to change it to? 

That should be the auth source. Above that, you should have Auth Methods.
Remove MAC Auth and replace with Allow All MAC Auth

Perfekt. It works. 

 

Thank you very much :)

 

Regard Stefan