Security

ย View Only

  • 1.  ClearPass MAC Caching โ€“ Time Source Attribute Not Being Resolved in Endpoint Update

    Posted 8 days ago

    Hi,

    I am working on ClearPass MAC Caching with Cisco 9800 and Self Registration Portal.

    I'm trying to use the built-in Time Source attribute One Day DT to set an endpoint expiration value.
     
    Post-Authentication Enforcement Profile:
     
    Endpoint:MAC-Auth Expiry = %{Authorization:[Time Source]:One Day DT}
     
    Actual result:
     
    MAC-Auth Expiry = %{Authorization:[Time Source]:One Day DT}
     
    Time Source variable is written literally and is not resolved.



    image
    I have a webauth policy to push this Enforcement Profile 

    image
    After Authentication, Endpoint attribute is not updating 

    image

    is it bug or i am missing something ? Please help .

    Thanks 
    Subhojit 


    -------------------------------------------


  • 2.  RE: ClearPass MAC Caching โ€“ Time Source Attribute Not Being Resolved in Endpoint Update
    Best Answer

    Posted 7 days ago

    Did you enable add the Time Source as a Authorization source? 



    ------------------------------
    Willem Bargeman
    Systems Engineer Aruba
    ACEX #125
    ------------------------------



  • 3.  RE: ClearPass MAC Caching โ€“ Time Source Attribute Not Being Resolved in Endpoint Update

    Posted 7 days ago

    Thanks Willem,

    I found the root cause of the issue.

    I was initially trying to update the MAC Address Expiry attribute from the WebAuth Policy. Since WebAuth services do not allow configuring Authorization Sources in the same way, the Time Source attributes were not being resolved and were being written literally to the endpoint database.

    I moved the logic to the MAB Policy, where the Time Source Authorization Source is available, and everything is now working as expected.

    Thank you.It helped me troubleshoot the issue and arrive at the correct design.


    Original Message


  • 4.  RE: ClearPass MAC Caching โ€“ Time Source Attribute Not Being Resolved in Endpoint Update

    Posted 7 days ago

    As @Willem mentioned,
    enable the Time Source as an authorization source.

    After that, you can check in the Access Tracker under Authorization Attributes to see if the authorization source is working.



    ------------------------------
    Regards,

    Waldemar
    ACCX # 1377, ACEP, ACX - Network Security
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------



  • 5.  RE: ClearPass MAC Caching โ€“ Time Source Attribute Not Being Resolved in Endpoint Update

    Posted 7 days ago

    Thanks Lord,

    Much Appreciated for help.๐Ÿ™‚ 


    Original Message


Related Content