Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Query Endpoint Repository for VPN device

  • 1.  Query Endpoint Repository for VPN device

    Posted Dec 17, 2019 09:48 PM

    How do I query the endpoint repository for a device that presents no host MAC address?

    In my case, Cisco AnyConnect doesn't present this, only a Cisco AVPair of mdm-tlv=device-mac=XX-XX-XX-XX-XX-XX

    I want to be able to query its Endpoint EMM attributes (i.e. MDM Enabled).



  • 2.  RE: Query Endpoint Repository for VPN device

    EMPLOYEE
    Posted Dec 18, 2019 02:05 PM

    Try this (assuming you're on 6.8.0+):

    1. Go to Administration > Server Manager > Server Configuration and select the ClearPass server.
    2. On the Service Parameters tab, in the Select Service drop-down list select RADIUS server.
    3. Scroll down to the Main parameters and select yes for the Parse Cisco-AVPair to get device mac option, and then click Save.



  • 3.  RE: Query Endpoint Repository for VPN device

    Posted Dec 18, 2019 06:29 PM

    Ah, thanks Tim. Currently on 6.7.12; holding back on the 6.8 upgrade until the new year.



  • 4.  RE: Query Endpoint Repository for VPN device

    Posted Feb 15, 2020 04:00 PM

    Tim, this is great! However, it overwrites the insightdb radius_acct.calling_station_id with the MAC address of the client. Now it seems I don't have access to the originating IP address of the VPN client, unless this is getting written into the endpoints table now?

    Update: I looked through the radius_acct, auth, and endpoints tables and I can no longer find the originating IP address of the client. I guess I'll disable this for now, as the originating IP is more important than the MAC for now.

    Tim, can we find a way to get both the MAC and the originating IP?

    Thanks!



  • 5.  RE: Query Endpoint Repository for VPN device

    Posted Aug 17, 2020 04:30 PM

    Trying to leverage this feature. I enabled the option under RADIUS server parameters to parse the Cisco-AVPair for the client's MAC address. Looking at an authentication request from the ASA in my lab (ASA5505), the authentication request includes the Cisco-AVPair mdm-tlv=device-mac, but not device-public-mac.

    I see this log in the ClearPass logs.

    INFO RadiusServer.Radius - rlm_service: device-public-mac= value not present in any of Cisco-AVPairs

    So it looks like ClearPass is parsing for device-public-mac, not device-mac. Is there a specific version I need for this to work?

    Running ClearPass 6.9.2
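The three problems raised in this thread (reply 2: the MAC lives inside a Cisco-AVPair rather than Calling-Station-Id; reply 4: the built-in option overwrites Calling-Station-Id and loses the originating IP; reply 5: the parser looks for device-public-mac while the ASA sends device-mac) come down to one parsing job. The following is an added example written for this page, not ClearPass code and not anything posted in the thread: it splits the nested mdm-tlv AV pairs, accepts either TLV name (preferring device-public-mac, a choice made here, not documented ClearPass behaviour), normalizes the MAC to the compact lowercase form used for endpoint MAC addresses, and returns it alongside the untouched Calling-Station-Id. The names VpnIdentity, extract_identity, and the sample request values are all constructed for illustration.

```python
"""Extract the AnyConnect device MAC from Cisco-AVPair values while keeping
Calling-Station-Id untouched. Added example, not ClearPass code."""
import re
from dataclasses import dataclass
from typing import Dict, Optional, Sequence

# TLV names checked, in order of preference. The thread shows ClearPass 6.9.2
# looking for "device-public-mac" while the lab ASA only sent "device-mac";
# accepting both is a choice made for this example, not documented behaviour.
MAC_TLV_KEYS = ("device-public-mac", "device-mac")


def normalize_mac(raw: str) -> Optional[str]:
    """Return the MAC as 12 lowercase hex digits with no separators
    (the compact form used for endpoint MAC addresses), or None if malformed.
    Accepts AA-BB-CC-DD-EE-FF, aa:bb:cc:dd:ee:ff and Cisco-style aabb.ccdd.eeff."""
    digits = re.sub(r"[-:.]", "", raw.strip()).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def parse_avpairs(avpairs: Sequence[str]) -> Dict[str, str]:
    """Split Cisco-AVPair values into a dict. MDM values are nested:
    'mdm-tlv=device-mac=AA-BB-...' has outer key mdm-tlv and inner key
    device-mac, and the inner key is what we index by. Other pairs
    (e.g. 'tunnel-group-name=VPN') are kept as plain key=value."""
    parsed: Dict[str, str] = {}
    for pair in avpairs:
        if "=" not in pair:
            continue  # not an attribute=value pair; ignore it
        key, value = pair.split("=", 1)
        if key == "mdm-tlv" and "=" in value:
            key, value = value.split("=", 1)
        parsed[key] = value
    return parsed


@dataclass(frozen=True)
class VpnIdentity:
    """Hypothetical result type for this example."""
    calling_station_id: Optional[str]  # as received; for AnyConnect this is the client's public IP
    device_mac: Optional[str]          # normalized MAC from the MDM TLV, or None
    mac_source: Optional[str]          # TLV name that supplied the MAC, or None


def extract_identity(calling_station_id: Optional[str],
                     avpairs: Sequence[str]) -> VpnIdentity:
    """Derive the endpoint lookup key (MAC) from the AV pairs without
    overwriting Calling-Station-Id, so both the MAC and the originating IP
    stay available for policy evaluation and reporting."""
    tlvs = parse_avpairs(avpairs)
    for key in MAC_TLV_KEYS:
        mac = normalize_mac(tlvs[key]) if key in tlvs else None
        if mac:
            return VpnIdentity(calling_station_id, mac, key)
    # Neither TLV present or both malformed: keep the IP, report no MAC.
    return VpnIdentity(calling_station_id, None, None)


if __name__ == "__main__":
    # Constructed sample of what an ASA might send for an AnyConnect session;
    # every value here is made up for illustration.
    sample_request = {
        "Calling-Station-Id": "203.0.113.45",
        "Cisco-AVPair": [
            "mdm-tlv=device-platform=win",
            "mdm-tlv=device-mac=AA-BB-CC-DD-EE-FF",
            "tunnel-group-name=AnyConnect-Users",
        ],
    }
    ident = extract_identity(sample_request["Calling-Station-Id"],
                             sample_request["Cisco-AVPair"])
    print(ident)
```

With the sample request above, extract_identity returns the originating IP 203.0.113.45 and the MAC aabbccddeeff (source device-mac), which is exactly the pair reply 4 wanted to keep together. When no usable TLV is present the IP is still returned and device_mac is None, which is the condition behind the "value not present in any of Cisco-AVPairs" log line quoted in reply 5.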