Security

Reply
Super Contributor II

Enforcement Profiles and Device Group List

Hi,

 

Just wondering what the purpose of the Device Group List is when configuring Enforcement Profiles.

 

How is the Device Group List used within a profile?

 

Cheers

Guru Elite

Re: Enforcement Profiles and Device Group List

If you assign a device group to a profile, you can return multiple enforcement profiles at the same time and ClearPass will send only the one that matches the source NAD.

It's a niche feature for some unique use cases and isn't commonly used.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Super Contributor II

Re: Enforcement Profiles and Device Group List

When you "you can return multiple enforcement profiles at the same time" what exactly do me mean?

Do you mean that a single client request can be answered with multiple enforcemnt profiles? Or that he enforcement profile will be sent out to multiple devices contained with the device list?

 

What would be a situation where you would want to do something like this?

Guru Elite

Re: Enforcement Profiles and Device Group List

In your policy, you could specify multiple enforcement profiles and ClearPass would send he correct one to the NAD based on the source of the request.

For example, using a single service for multiple vendors (I personally wouldn't recommend this).



TIM CAPPALLI

Aruba Security

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Super Contributor II

Re: Enforcement Profiles and Device Group List

I appreciate you taking the time the explain in more detail.

I think I understand what you are saying.

 

Good to know what it is for. I don't have a user for it, but good to know what it is there for.

 

Cheers

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: