FQDN entry for a device in CPPM

We have a device which wants to use RADIUS to allow administrators access, yet moves from building to building. It's a Cisco switch used for training, and moves from store to store (usually without warning) and gets its address from DHCP.

The DHCP server notifies the DNS server, so we can ping it by name.

 

Right now, what we do is get the call from the tech (who didn't tell us he was moving it) asking us to make some configuration change. We ping the switch, go to CPPM and change the IP address of the device, then SSH into the switch and do what we must.

 

It would be nifty if we could skip the "change the IP address" in CPPM bit.

 

The field doesn't accept an FQDN. Any thoughts on how I could achieve the same result?

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it

Re: FQDN entry for a device in CPPM

I don't think any AAA platform can do this because it's insecure. 

You could assign a DHCP reservation to the device in each subnet and add those IPs to ClearPass. 

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: FQDN entry for a device in CPPM

I agree with the insecure bit, but the inconvenience is causing some pushback from the admins - looking for some way to simplify (25 "floating" switches, 150 DHCP scopes) into one easy CPPM thingy.

sigh...

--Matthew


Re: FQDN entry for a device in CPPM

You could make the IP address of the NAS client in CPPM a big range, and send back an attribute or NAS variable that will be a requirement by the service that would authenticate on that switch...

Nevermind



Colin Joseph
Aruba Customer Engineering


Re: FQDN entry for a device in CPPM

Yeah, that was starting to percolate in my head too.

 

I'll tell the admins to deal with the inconvenience while I think some more.

--Matthew
