ClearPass Tiny Bite 1 – Updating last known location for Endpoint

It is often useful to keep track of the last known location of an endpoint that authenticates against ClearPass. This is easy to do by combining “Post Authentication Enforcement” with the inputs from the RADIUS authentication request.

For example, in the authentication request below, we can get the AP name of the Aruba access point via “Radius:Aruba:Aruba-Location-Id” and the controller identifier via “Radius:IETF:NAS-Identifier”.

As such, we can create a post authentication enforcement profile that updates the endpoint with a custom attribute that we call “Last Known Location”.

Once the endpoint authenticates successfully, the endpoint attribute will be updated.

This information will now be saved as part of the endpoint information, as shown below.

You can use the same logic to store any useful information as an endpoint attribute. For Aruba switches, for example, you might want to store the port number instead. The idea is that you can take any attribute that is part of the RADIUS request and reference it in your assignment using the %{ } notation.
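The sketch below is an added example, not ClearPass code or configuration from the original post: it models how a %{ } reference in an assignment resolves against the attributes of a RADIUS request, for both the wireless and the switch case. The sample values, the “Last Known Port” attribute name, the use of “Radius:IETF:NAS-Port-Id” for the switch port, and the choice to skip an assignment whose reference is missing are all assumptions of this example.

```python
import re

# Matches %{Namespace:...:Attribute} references inside an assignment value.
REF = re.compile(r"%\{([^{}]+)\}")

def expand(template, request):
    """Return (value, missing): the template with every %{...} reference
    replaced from `request`, plus the references that were not present."""
    missing = []
    def sub(match):
        name = match.group(1)
        if name not in request:
            missing.append(name)
            return ""
        return request[name]
    return REF.sub(sub, template), missing

def post_auth_update(endpoint, assignments, request):
    """Model of the post-authentication step: set each endpoint attribute
    from its template. Assignments with an unresolved reference are skipped
    (a choice of this example) so they do not blank the stored value."""
    for attr, template in assignments.items():
        value, missing = expand(template, request)
        if not missing:
            endpoint[attr] = value
    return endpoint

# Constructed sample requests (values are made up for illustration).
WIRELESS = {
    "Radius:Aruba:Aruba-Location-Id": "AP-Lobby-01",
    "Radius:IETF:NAS-Identifier": "controller-1",
}
# Assumption: the switch reports its port in Radius:IETF:NAS-Port-Id.
WIRED = {
    "Radius:IETF:NAS-Identifier": "switch-3",
    "Radius:IETF:NAS-Port-Id": "1/0/12",
}
ASSIGNMENTS = {
    "Last Known Location":
        "%{Radius:Aruba:Aruba-Location-Id} via %{Radius:IETF:NAS-Identifier}",
    "Last Known Port": "%{Radius:IETF:NAS-Port-Id}",  # hypothetical name
}

if __name__ == "__main__":
    endpoint = {}
    print(post_auth_update(endpoint, ASSIGNMENTS, WIRELESS))
    print(post_auth_update(endpoint, ASSIGNMENTS, WIRED))
```

Before relying on an attribute in an assignment, check in your own access tracker entries that the network device actually sends it.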

Hope you find this useful. Feel free to post any comments.
