Contributor II

Clearpass - Cluster-Wide Parameters - Cleanup Interval

Hi there,


I'm trying to understand the configuration we need to apply from the 'Cluster-Wide parameters' section of Clearpass to keep our Endpoint database in check so we automatically purge nodes on a regular basis.


We currently offer BYOD Wireless connectivity for all internal employees, limiting their allowed devices to a maximum of 2. As time has progressed and people's Wireless devices are naturally upgraded/replaced, we've found that users are unable to connect to the SSID due to their device limit being reached. Obviously I can manually delete entries, but this is quite a cumbersome process. Going forward, I believe I can modify the parameters in the Cleanup Intervals tab to remove devices that have previously connected but have shown no activity in the last 60 days, but I'm just seeking a little clarification on the configuration that is available:


Maximum inactive time for an endpoint - Currently set to 0 days - Enable and set to 60 days - Do I need to enable any other options in line with this? Also, if I set this value, I'm assuming it works from the 'Updated At' date of the endpoint?


Known endpoints cleanup interval - Currently set to 0 days - Do I need to set this to a value or if I do, will it remove accounts irrespective of their activity timelines, so has the potential to remove devices that are still being used?


Profiled Known endpoints cleanup option - Currently Disabled - Set to Enable - Do I need to enable this to work with the inactive time interval specified above?





Guru Elite

Re: Clearpass - Cluster-Wide Parameters - Cleanup Interval

Once their certificates expire, they will no longer be valid. You can also change the retention values for the CA.

Tim Cappalli | Aruba Security
@timcappalli | ACMX #367 / ACCX #480
Contributor II

Re: Clearpass - Cluster-Wide Parameters - Cleanup Interval

This is just for the endpoint entry, so MAC and associated attributes. There is no certificate information included as far as I'm aware.

Contributor I

Re: Clearpass - Cluster-Wide Parameters - Cleanup Interval

I am also curious about these settings. If I just have the "Maximum inactive time for an endpoint" set to 30 days, devices that haven't been on the network for over 2 years are still in the endpoints repository. If I set a number (7) for the "Known endpoints cleanup interval", it wipes out all devices, not just those that have been inactive for 30 days. That's a problem for us since we have a lot of endpoints added with specific attributes that are not replaced when they reconnect to the network on their own.
