Contributor II
Posts: 90
Registered: ‎12-06-2014

Clearpass policy for allowed devices

I would like to set up ClearPass to only allow company-owned devices on my network. This includes Windows domain systems, iPads, and Androids owned by employees. I need to apply this policy to my wireless, wired and VPN infrastructure. Can someone get me pointed in the right direction, make suggestions, propose designs and instructional documentation supporting this design?

I do not have Onboard, nor will I be getting it. Thank you.

Guru Elite
Posts: 8,458
Registered: ‎09-08-2010

Re: Clearpass policy for allowed devices

Do you have a database of corporate owned devices? If not, how will you determine corporate assets? 


Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II
Posts: 90
Registered: ‎12-06-2014

Re: Clearpass policy for allowed devices

The goal was to have ClearPass start collecting MAC(s) on the network for a week or 2 and build that DB. Need instructions on how to turn that on.

Guru Elite
Posts: 8,458
Registered: ‎09-08-2010

Re: Clearpass policy for allowed devices

Add a helper address to all of your user L3 interfaces pointing to ClearPass. This will allow ClearPass to profile devices and build up the internal database. It will not, however, tell you what is company-owned vs BYOD. 


Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite
Posts: 21,022
Registered: ‎03-29-2007

Re: Clearpass policy for allowed devices

Kong_Down,

Even if it collects MAC addresses, you still have to determine what is a company device or not. The only "reliable" way is to have a list of MAC addresses. If it is a Windows device, and it is configured for machine authentication, CPPM can keep track of devices that have machine authenticated and treat them differently. If they are company devices that are non-Windows, you would need to come up with a list of MAC addresses so that ClearPass can treat them differently.



Colin Joseph
Aruba Customer Engineering

Contributor II
Posts: 53
Registered: ‎12-09-2013

Re: Clearpass policy for allowed devices

I've got all the MACs in the database. For the wired network, what will the user experience look like when plugging in corp devices? What needs to happen on the switches or next steps?
