ClearPass Tiny Bite 2 – Return Device Name

Very often, it is useful to return the device name if the device is doing mac authentication only against ClearPass. This will help the administrator view devices on the controllers with their associated device name instead of thier MAC address.

If you use ClearPass “Service Templates – Guest Authentication with MAC Caching”, this is handled by default by ClearPass as shown below. ClearPass will return the associated username with the subsequent “MAC authentication” request. No special configuration is needed.

If you carefully examine what ClearPass did in the background, you will notice that the MAC authentication Radius request didn’t include the username “ayman@test.com” but rather it included MAC address only. However, ClearPass is intelligent enough to put it in the summary to make it easier for the operator to troubleshoot.

However, many times, you might need to use mac-authentication only without caching. As such, you can easily mimic a similar behavior by returning the “Radius-IETF: Username” associated with that mac-address. The value that you fill can be taken from any Endpoint attribute that you store for that endpoint.

For example, in the below request, ClearPass returned the DEMO_VM username for this mac authentication request.

If you check the Radius Request parameters, it didn’t include this username. However, ClearPass managed to fill it in the username field (at the top) to make it easier for the operator. It also filled it as part of the service request.

Hope you find this useful. Feel free to post any comments.

Leave a Reply