Security

I'm using HP wired Switch 802.1x and I see endpoints profiler is not profiled so I wanted to know what may be the problem I want to know if thsi configurations is right ,also what is the right enforcment should be done ?

 

Role name :Unknown Device

Role-Mapping
(Authorization:[Endpoints Repository]:Category  NOT_EXISTS   )     Unknown Device

 

Endorcment Policy

tips role equals [user auuthenticated]
tips role equals 802.1x authentication
tips role equals unknow device

 

 

 

 

 

 

Do you have helper addresses configured on the L3s?


Thanks,
Tim

so you said that I have do IP helper address pointing to clearpass IP on the Interface VLAN?

Yes. Whichever interface is the client's DG, should have a helper address. Sometimes this is upstream of the edge switch..


Thanks,
Tim

One more thing Mr tim what VLAN Enforcment should be the Action for the unknown device?

You would want to return a dynamic ACL that only allows DHCP.


Thanks,
Tim

so for HP Switch what type of enforcment type can do this?

Page 28....

 

https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=17690

damm, these TechNotes are pretty useful, shame that guy that wrote then never gets any Kudos...!!!!!......LO(very)L......