09-15-2014 10:20 AM
I'm using Clearpass guest to let students self-register their gaming devices.
Then a policy checks for the string "Gaming Console" in the endpoint_profile_device_category field.
So far, so good.
But there are a number of devices that doesn't account for. Wireless TV's for example.
There aren't so many devices (yet) that it would be a burden to whitelist these manually. What's the best way to do this?
I notice a "role_name" field. Can I create custom role names and create a rule in my policy based on that role name?
Other ways to accomplish this?
09-15-2014 10:24 AM
09-16-2014 05:22 AM
Sorry, you'd need to do a custom role and do a role map for this. Then use that role in your enforcement policy.
09-16-2014 12:26 PM
Thanks for the reply and the screenshot!
My setup looks very much like the one you provided, except I'm only looking for Game Consoles.
I'd like to allow those other device categories on the network (Home Audio/Video, Settop Box).
Are those being profiled automatically, or did you add those manually?
I've only seen Game Console show up in my profiled devices.
09-16-2014 01:11 PM
So let me revise my question.
I'd like to allow gaming devices, smaht TV's (:-)), etc. on the network.
But some gaming consoles, TV's, etc. don't get profiled correctly.
In fact, the fields like endpoint_profile_device_category don't even show up when I look at the device details.
What do you do with these devices?
Do you have a process for them to be manually authorized?
Is there a way to manually profile/categorize it as a gaming device, TV, etc?
09-16-2014 01:13 PM
Are you requiring the users to register them in MACTrac? If so, the device is then authorized.
You can manually change a profile in the endpoint database by selecting an option from the dropdowns of Category, OS Category and Device Name.
09-16-2014 01:28 PM
I was looking at the device in CPPM Guest.
I see where I can change those properties in CPPM.
But now, problem next:
When I try to change an endpoint I get the message: No Endpoints are updated. Endpoints which are already profiled only can be updated.
09-16-2014 01:33 PM
So the devices you are looking at have not been profiled yet?
Do you have a DHCP helper address pointed to ClearPass for the appropriate subnets?