Security

Reply
Occasional Contributor II

Clearpass Guest Device Deletion

Hi,

 

I have a MacTrac device registration implementation based on the following: http://community.arubanetworks.com/t5/Security/How-To-Advanced-Device-Registration-in-ClearPass-November-MHC/td-p/217291

 

One issue I have noticed is that when an end user removes a previously created device from within CPG it does not also remove it from the Endpoints Repository.

 

Is there any magic you can think of that might work around this?

 

Cheers

Shaun

 

 

Occasional Contributor II

Re: Clearpass Guest Device Deletion

I also see a vice versa,

 

Whereby a device is MAC Authenticated with User Caching but does not show up within CPG.

 

Any ideas on how to marry the two together?

 

Cheers

Shaun

MVP

Re: Clearpass Guest Device Deletion

Hmm.. Can you verify that you are indeed using Guest Device Repository as authentication source? It sounds like you are using Endpoint Repository - which is the more common/default MACAUTH implementation


Regards
John Solberg

-ACMX #316 :: ACCP ::
ACSA :: Working on my ACCX!!
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Guru Elite

Re: Clearpass Guest Device Deletion

That's by design. The endpoint repository is designed to hold information that ClearPass discovered about the device (profile information, etc). There should be no need for it to be removed.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP

Re: Clearpass Guest Device Deletion

Don't think you read the whole post there Tim. His mac-auth service doesn't take into account the state of the device in the Guest Device Repository. If the device was removed in Guest Device Repository - the mac-auth should fail. To me that looks like it's authenticating based purely on Endpoint database information.


Regards
John Solberg

-ACMX #316 :: ACCP ::
ACSA :: Working on my ACCX!!
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Guru Elite

Re: Clearpass Guest Device Deletion

Then the service is misconfigured. Be sure that [GDR] is above [ER] in your authentication source list in the service. Also be sure you're using Allow All MAC Auth.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Clearpass Guest Device Deletion

Yep spot on it was a misconfigured service, I have configured how you described and all is now Ok.

 

Thanks all

 

Chhers

Shaun

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: