We were using AOS 6.3.1.3 with CPPM 6.3.4 until this last Thursday. We upgraded AOS to 6.3.1.13 while keeping CPPM the same version. Monday morning, our Chromebooks could not use MAC authentication to get onto our open/CP SSID. Nothing on CPPM changed (I triple checked the audit records).
Our CPPM roles looked for "RADIUS: Aruba: Aruba-Device-Type contains Chrome OS" to assign a TIPS role of "ChromeOS Device". The enforcement rules looked for the TIPS role of "ChromeOS Device" as well as another TIPS role indicating it was owned by us. For whatever reason, the TIPS role was no longer being assigned to the chromeOS devices as it had been before the upgrade.
Since the upgrade of AOS, I've also tried using "Endpoint repository :Device Name contains Chrome OS" and "Application: Clearpass: Device-Name equals Chrome OS" but nothing works.
Is there any way to get information automatically from the device/authentication/authorization process to indicate a device is chromeOS? Did the new AOS break something (as it appears to have done)?
I know I can do all sorts of things with putting attributes on devices in the endpoint repository but I don't want to make changes which could cause our over 22000 Windows devices from working properly. We using the owner attribute to ID all devices which belong to us which works fine as long as we can ID the ChromeOS. Once that stopped working, we were left out in the cold.