AAA, NAC, Guest Access & BYOD

How to revoke Onboard device/client certificates based on inactivity period

Aruba Employee
Requirement:

As a network admin, I wish to revoke an Onboarded device certificate if the device is inactive for more than "X" number of days.



Solution:

Starting with ClearPass 6.5.x, there is an option under the device Onboard provisioning settings. When it is checked, a device's certificate is revoked after a period during which the device is not seen on the network.



Configuration:

To configure this setting, navigate to CPPM > Guest > Onboard > Deployment and Provisioning > Provisioning Settings, select the provisioning profile, click Edit, open the General tab, and go to the "Action" section.

 

 

There is also an option to set an Inactivity Period interval. This ensures that if a device does not authenticate on the network for the specified period, its certificate will be revoked.



Verification:

We verified that, after configuring the auto-revoke option, the Onboard device certificates were revoked automatically after the configured time interval.

Version history
Revision #:
2 of 2
Last update:
08-31-2015 02:39 AM