Security

Can you do mac caching without self registration on CP guest?

You can do device registration and have a user enter the MAC of the device and then leverage that for MAC auth port/SSID.

so the user enters the detail manually?

What is the scenario? Is this a click-through type setup, sponsored, etc?

 

Yes - the user would enter this manually using a URL you provide.   Once provided, that device can then connect to the intended SSID.

captive portal, authentication source - local db + active directory, post auth populate endpoints database with mac - send CoA, subsequent auth with mac.

 

mac needs to be taken out of the portal redirect url, users typing this in themselves asking for trouble

There is a way of doing it and I'm in the process of testing our doc and updating. I hope to have it posted in a day or two.

Trouble I have is when I add AD as a secondary auth source it never seems to use it.  I am modifying a template

if there is any way I can assist in your testing please let me know

is this purely clear pass guest, so without policy manager? perhaps i have missed something but isnt this the usual clearpass guest + policy manager setup? first time normal login and then MAC caching kicks in?

After a conference call with tac we got it sorted. I will probably have to document a process flow chart for my own benefit and I'll post it up.