Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass policy for allowed devices

  • 1.  Clearpass policy for allowed devices

    Posted Jan 30, 2015 12:38 AM

    I would like to set up ClearPass to only allow company-owned devices on my network. This includes Windows domain systems, iPads, and Androids owned by employees. I need to apply this policy to my wireless, wired and VPN infrastructure. Can someone get me pointed in the right direction, make suggestions, propose designs and instructional documentation supporting this design?

    I do not have Onboard, nor will I be getting it. Thank you



  • 2.  RE: Clearpass policy for allowed devices

    EMPLOYEE
    Posted Jan 30, 2015 01:18 AM
    Do you have a database of corporate owned devices? If not, how will you determine corporate assets? 


    Thanks, 
    Tim


  • 3.  RE: Clearpass policy for allowed devices

    Posted Jan 30, 2015 10:45 AM

    The goal was to have ClearPass start collecting MAC(s) on the network for a week or 2 and build that DB. Need instructions on how to turn that on.



  • 4.  RE: Clearpass policy for allowed devices
    Best Answer

    EMPLOYEE
    Posted Jan 30, 2015 10:52 AM
    Add a helper address to all of your user L3 interfaces pointing to ClearPass. This will allow ClearPass to profile devices and build up the internal database. It will not, however, tell you what is company-owned vs BYOD. 


    Thanks, 
    Tim


  • 5.  RE: Clearpass policy for allowed devices

    EMPLOYEE
    Posted Jan 30, 2015 10:54 AM

    Kong_Down,

    Even if it collects MAC addresses, you still have to determine what is a company device or not. The only "reliable" way is to have a list of MAC addresses. If it is a Windows device, and it is configured for machine authentication, CPPM can keep track of devices that have machine authenticated and treat them differently. If they are company devices that are non-Windows, you would need to come up with a list of MAC addresses so that ClearPass can treat them differently.
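
The distinction made in the two replies above, as an added example that is not part of the original thread: profiled MAC addresses only become "corporate" once they are matched against an asset list or a record of machine-authenticated devices. The function names, the three input lists and the "review" bucket for malformed or locally administered addresses are assumptions for illustration; the script works on exported lists and does not call any ClearPass API.

```python
import re

_HEX12 = re.compile(r"[0-9a-f]{12}")

def normalize_mac(raw):
    """Reduce colon, hyphen or dotted notation to 12 lowercase hex digits."""
    digits = re.sub(r"[.:\-]", "", raw.strip().lower())
    return digits if _HEX12.fullmatch(digits) else None

def is_locally_administered(mac):
    """True when the locally administered bit of the first octet is set,
    meaning the address is not a vendor burned-in one."""
    return bool(int(mac[:2], 16) & 0x02)

def classify(observed, inventory, machine_authed):
    """Sort observed MACs into corporate / unknown / review buckets.

    inventory      -- MACs from the company's own asset list
    machine_authed -- MACs recorded as having machine authenticated
    """
    known = {m for m in map(normalize_mac, inventory) if m}
    known |= {m for m in map(normalize_mac, machine_authed) if m}
    result = {"corporate": [], "unknown": [], "review": []}
    for raw in observed:
        mac = normalize_mac(raw)
        if mac is None:
            result["review"].append(raw)   # malformed entry, check by hand
        elif mac in known:
            result["corporate"].append(mac)
        elif is_locally_administered(mac):
            result["review"].append(mac)   # cannot be tied to hardware
        else:
            result["unknown"].append(mac)  # profiled, ownership unproven
    return result

# Constructed sample data (not taken from the thread).
OBSERVED = ["00:00:5E:00:53:01", "0000.5e00.5302", "00-00-5e-00-53-03",
            "da:a1:19:00:00:01", "garbage"]
INVENTORY = ["00-00-5E-00-53-01"]        # company asset list
MACHINE_AUTHED = ["00:00:5e:00:53:02"]   # seen doing machine authentication

if __name__ == "__main__":
    for bucket, macs in classify(OBSERVED, INVENTORY, MACHINE_AUTHED).items():
        print(f"{bucket:10} {macs}")
```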

     



  • 6.  RE: Clearpass policy for allowed devices

    Posted Feb 04, 2015 10:54 PM

    I've got all the MACs in the database. For the wired network, what will the user experience look like when plugging in corp devices? What needs to happen on the switches or next steps?