Security

Reply
Occasional Contributor II

Mac caching and unknown Endpoint

Hello Community. 

 

I have a customer how wants to authorize his clients manualy. For that i check in the service if the endpoint is known and we use PEAP. He manualy marks the endpoints as know. That works fine for him.

 

Now we have a problem with mac caching. When a guest logs in the Wifi the Guest is marked as a known device that mac caching works. When i remove the update endpoint from the enforcement policy mac caching is no longer working. 

 

Does anybody has a idea how to realize that?

 

Regards Stefan

 

Guru Elite

Re: Mac caching and unknown Endpoint

I'd recommend you look at using the Guest Device Repository for handling
known device registration.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: Mac caching and unknown Endpoint

Hello, that sounds good. But i don´t understand how i can add a device in Guest User Repository and how can i check this? In CPPM i find nothing. 

Guru Elite

Re: Mac caching and unknown Endpoint

Under guest, go to Create Device.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: Mac caching and unknown Endpoint

Ok, but is it possible to create this automaticly when the guest is authenticaed?

Guru Elite

Re: Mac caching and unknown Endpoint

Sorry, looks like we're talking about different things.



You don't have to mark guests as Known. Instead you can change your
MAC-caching service to do Allow All MAC-Auth and remove the Update Endpoint
Known action.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: Mac caching and unknown Endpoint

I think so. Ok, i have to create a new enforcement Profile an allow all Mac? Is that also a Post_Authentication Endpoint Atribute?

 

 

Guru Elite

Re: Mac caching and unknown Endpoint

No, it's the authentication method in your MAC-Auth service.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: Mac caching and unknown Endpoint

Ok, this is at the moment at Endpoint Repository. And i have to change it to? 

Guru Elite

Re: Mac caching and unknown Endpoint

That should be the auth source. Above that, you should have Auth Methods.
Remove MAC Auth and replace with Allow All MAC Auth

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: