Security

Hello, 

This is a knowledge share to manipulate the endpoint attributes in Clearpass Policy Manager and changing the MAC address from non-delimiter to a required Delimiter. If you have a set of mac address that needs to be imported in CPPM as endpoint attributes. Create a couple of dummy mac address in CPPM and export the same. Open the exported .xml file in a chrome or firefox browser. Follow the belwo steps to add the convert the attributes as required. 

• Adding MAC to the endpoint  

1. Copied that first three or four lines to a note pad (After exporting the endpoint there should be Tips Content, Tips Header, Endpoints and there may be few other attributes based on the version).
2. Opened the Excel file which you sent and inserted a column before the MAC.  
3. Added [<Endpoint macAddress="]before the MAC (first column A1) and [" status="Known">] after the MAC address (Column C1).
4. Dragged up to the end and removed any spaces using Replace all (Find utility).
5. Copied the entire content to the note pad which was edited previously.
6. Added the last two lines as “</Endpoints>” and “</TipsContents>”. Saved the note pad file as “.xml”.

• Adding the static MAC/IP list.

1. Export the content after creating few dummy MAC or IP address list.
2. Copy the entire exported content to a notepad.
3. Open the customer provided mac list, Add comma “,” in the next Column of the excel sheet (probably from B1:Bxx).
4. Copy both the column and remove any spaces by using Ctrl+F and replace any space between MAC and comma. Leave a space after the comma.
5. Replace the dummy mac address with the copied mac address from the note pad.
6. Save the file and you are good to go.

• Changing the delimiter on the mac address.

• If mac is ‘aabbccddeeff’ to ‘aa:bb:cc:dd:ee:ff’ or ‘aa-bb-cc-dd-ee-ff’

1. Manipulate all the mac to one column (I did not mean row) in the excel sheet.
2. Leave the first cell empty A1.
3. Say of instance all the mac is present from A1 to A100….
4. 4.    Click on B2 cell and provide the below code on the Fx formula tab.      ------------à   
5. Add the code as below

=MID(A2:A900,1,2)&":"&MID(A2:A900,3,2)&":"&MID(A2:A900,5,2)&":"&MID(A2:A900,7,2)&":"&MID(A2:A900,9,2)&":"&MID(A2:A900,11,2)

                                                Note : 900 is the last mac entry on the excel sheet and A2 is the starting mac cell. ‘:’ highlighted in green replace with ‘-‘ if required.

1. Using the + sign on the bottom right corner of the cell, Drag the content to the end of the last mac address in ‘A’ cell.
2. This should replace all the mac with a delimiter.  

• Converting the mac to upper or lower case.

1. Select the entire B column (note I am assuming that you have your lower case mac on A column).
2. On the formula tab enter the below code.

=UPPER(A1:A900)                or      =LOWER(A1:A900)

• Removing any delimiter.

1. Copy the entire mac list to a note pad and using the replace function as mentioned earlier remove the content as required. 

Hope this helps, Note if you have additional attributes added on the Endpoint, Only TAC shall be able to convert that. 

We are trying to replace our registration process for wireless devices (mac address) with ClearPass .

And I was wondering if there's a way to create a (guest module) registration page and tie it to the ClearPass endpoint list.

I know that this could be done with Airgroup enabled in CPPM but there's another way to this without having Airgroup enabled

On the Registration page- if there is a NAS vendor setup. There is a Post authentication option: Check both the check box Policy Manager and Advance. 

This will be able to create a endpoint mac entry for the connected client. Let me know if this answers you question.