  • 1.  ClearPass does not identify SmartDevices in WIFI Authentications

    Posted Feb 23, 2023 10:55 AM

    Hi everyone,

    I have an 802.1x service authenticating corporate users only for WIFI connections, but I want to exclude Smart Device connections (users can only be authenticated if using computers).

    Some devices are profiled in the Endpoints DB with the category and the OS info, but others aren't.

    I do have two cases:

          1. A user is connected to the WIFI and then tries to authenticate and it appears as Computer. Everything OK in this case.

          2. A user with another computer tries to connect but this time the Endpoint attributes are empty and I can't filter him in the enforcement rules.

    Why can this be happening?

    Thanks!



  • 2.  RE: ClearPass does not identify SmartDevices in WIFI Authentications

    Posted Feb 23, 2023 11:03 AM

    If you are using computer authentication (or a combination of computer/user authentication) you can use the machine authenticated attribute to verify the device is AD joined. If the machine authenticated attribute is not set you know that it's not an AD joined device. I would not go for the endpoint attribute filtering approach.

    Regarding the endpoint database, are you forwarding the DHCP requests to ClearPass?



    ------------------------------
    William Bargeman
    Systems Engineer Aruba
    ------------------------------



  • 3.  RE: ClearPass does not identify SmartDevices in WIFI Authentications

    Posted Feb 24, 2023 01:30 AM

    Also, if you want to make use of the endpoint DB, you need at minimum to send your client DHCP requests to ClearPass with the "ip-helper" command on your router/L3 switches.



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------