Custom Device Tracker using Clearpass NAC

Share your Projects!
1

I’m working on a custom component to track devices based on their status within Clearpass. It works Ok, but I could use some pointers on how to improve it. One, the tracker seems to be very delayed in scanning and updating hosts. The other issue I have is when get_device_name is called and the name is returned, it’s not updating known_devices.yaml with the name. Also, the get_extra_attributes is not returning the IP of the device, but that is less of a concern.

Thanks in advance!

class CPPMDeviceScanner(DeviceScanner):
def init(self, hass, cppm_host, api_key, scan_interval):
_LOGGER.debug("-------------INIT CALLED--------------")
self._hass = hass
self._cppm_host = cppm_host
self._api_key = api_key
self._scan_int = scan_interval
self.success_init = self.get_cppm_data()

async def async_scan_devices(self):
_LOGGER.debug("------ SCAN DEVICES CALLED. ------------")
self.get_cppm_data()
return [device[‘mac’] for device in self.results]

async def async_get_device_name(self, device):
_LOGGER.debug("------ RESOLVING DEVICE NAME ----")
return [device[‘name’] for device in self.results]

async def async_get_extra_attributes(self, device):
“”“Return the IP of the given device.”""
filter_ip = next((
result[‘ip’] for result in self.results
if result[‘mac’] == device), None)
return {‘ip’: filter_ip}

@Throttle(SCAN_INTERVAL)
def get_cppm_data(self):
------------SNIP---------------
if json_r[‘is_online’] == True:
device = {
‘ip’: json_r[‘ip’],
‘mac’: json_r[‘mac’],
‘name’: json_r[‘device_name’]
}
devices.append(device)
else:
continue
_LOGGER.debug("-----------Update successful!-----------")
self.results = devices
return True

2

So, I use ClearPass as well to track devices, but I use radius accounting (starts and stops), long lived tokens to change the state of a device tracker in Clearpass:

First, I create an Endpoint Context Server pointing to my instance of HA by going to External Server> Endpoint Context Server

18
181321×728 59.2 KB

http method is post, authentication method is basic and the URL is /api/states/device_tracker.yourdevicename

Then I create a context server action by going to Administration> Dictionaries> Context Server action and create a new context server action:

08
081151×713 51.7 KB

On the header tab, I put Content-Type application/json, Authorization Bearer, a space and then the long lived access token from HA:
02
021146×719 56.2 KB

The content tab is as follows. Note that after completing these steps I have to duplicate this context server action and then change the state type for an action to set the device tracker state as “not_home”
16
161158×719 31.5 KB

I would just save it and then duplicate it and change the state to not_home like I mentioned above so that I can trigger my device as not_home.

I would then create an enforcement policy referencing the http action:

39
391035×484 36.8 KB

11
111293×308 31.2 KB

Lastly,In my service, I would just have an enforcement policy that checks for the mac address:

Connection:Client-Mac-Address-Colon EQUALS 9c:79:5c:ba:26:34) and then put in the Enforcement Policy that I created above.

I hope any of that makes sense. I saw your component and I wanted to upgrade to try it, so I did a search for ClearPass and saw this…

3

Yeah I made this post long before I completed the component.

I’m currently upgrading the component to make it a lot more efficient. I havent had a chance to make the commits, though.

4

If you PM me, I would be happy to test anything you have.