Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Automatic Endpoint Device Provisioning

  • 1.  Automatic Endpoint Device Provisioning

    Posted Nov 14, 2017 05:22 AM

    Dear Community,

    One of our clients challenges us .... They want to use their CPPM for automatic endpoint discovery and provisioning. The process is as follows:

     

    A) The client’s IT team runs a network switch with, say, 3 port groups. Each port group is assigned a specific VLAN with defined rules. Port group 1 = printers, port group 2 = office PC, port group 3 = training PC. The IT team uses these connections to automatically install images etc.

     

    B) The client requests the following automatic process:

     

    1. Once the device is plugged in, CPPM should discover the device and register it with the endpoint repository.

    2. Enable the device by setting status to Known

    3. Assign it to a certain group by updating the UDID and of  the VLAN.

    4. Set the description content to a predefined value based on the port group definition, i.e. Printer Finance.

     

    How can we convince CPPM to automatically poll the said ports (called "trusted ports") and insert the endpoints automatically into the database?

     

    Thanks a lot!

    Uwe 

     



  • 2.  RE: Automatic Endpoint Device Provisioning

    EMPLOYEE
    Posted Nov 15, 2017 04:00 AM

    ClearPass does not reprogram your switch, ClearPass provides dynamic access decisions to your switch.

     

    Very related functionality in ClearPass is profiling, which dynamically puts your devices on the correct VLAN when you plug them into the network.

     

    I created some videos on how that can work in this video series. Then jump to Aruba ClearPass Workshop - Wired #3 - ClearPass Profiler for wired for this specific topic. Basic idea is that all ports are the same and no matter what you plug into what port, the right access is provided.

     

    Also please work with your ClearPass partner, or Aruba ClearPass SE to create the optimal design.



  • 3.  RE: Automatic Endpoint Device Provisioning

    Posted Nov 15, 2017 01:51 PM

    I may not have expressed myself clearly. The question is not to program the switch (which is not expected of CPPM). Profiling is of course understood. We are a long-term Aruba partner and have worked with CPPM since 2012. I was perhaps thinking in the wrong direction.

     

    However, our client is looking at another RADIUS product which seems to meet their requirements more than CPPM. There are other parts of CPPM they don't like at all, mainly the, in their eyes, very limited backup features.

     

    Thanks anyway.

     

    Cheers