Security

Reply
Contributor I

Ability to Query External ClearPass Endpoints database

I have a customer with two ClearPass 25k server in high capacity guest services a public SSID.  I have two 5k CP servers for internal dot1x so they are not in the same cluster. Customer wants the 25ks guest service policy to query the 5k's endpoints database and if it exists then deny the device access to the guest network.  I get the compatibility with SQL databse but am uncertain about this. 

ACMX #252, ACCP, AWMP, CCNP Wireless & Security
Guru Elite

Re: Ability to Query External ClearPass Endpoints database

Yes, you can do this using the appexternal account referencing the tips_endpoints table in tipsdb.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I

Re: Ability to Query External ClearPass Endpoints database

Just got it working with radius proxy.  Thanks for the feedback.

ACMX #252, ACCP, AWMP, CCNP Wireless & Security
Frequent Contributor I

Re: Ability to Query External ClearPass Endpoints database

Hi Cappali,

It is safe to change the "appexternal" user password in cluster wide parameters, will this interfiere or impact in any way?

Guru Elite

Re: Ability to Query External ClearPass Endpoints database

Yes. The default password is randomly generated. If you’re not using it for anything else, then you can change it without impact.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I

Re: Ability to Query External ClearPass Endpoints database

Thanks for your quick reply, I will go ahead and start testing :)

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: