Security

Reply
seo
Occasional Contributor II
Posts: 11
Registered: ‎01-18-2015

How do I expiring unused mac address automatically? where is last use mac data?

Thanks everyone. very thanks.

 

It's almost final-stage. I made external db for MAC sync, external web based manager-tool for monitoring mac address log-using appexternal!- with out CPPM root login. :)

 

Finally, I need to expire unused mac address automatically. (during 6 month or 1 year)

 

My scenario is... check 'last used date' and drop that mac-address from my external DB.

 

Where do I find last used date mac-address from my aruba systems? in CPPM? in Airwave?


ps: Anyone using CPPM with external DB like me? I need to more and more information especially in compliance, please email me.

thank very much.

Guru Elite
Posts: 7,839
Registered: ‎09-08-2010

Re: How do I expiring unused mac address automatically? where is last use mac data?

You'd likely need to send syslog authentication records to your external
server and create a script that analyzes when a MAC address authenticates
and then remove it from your database. There is nothing inside of ClearPass
or the controllers that would do this for you as it's an external source.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
seo
Occasional Contributor II
Posts: 11
Registered: ‎01-18-2015

Re: How do I expiring unused mac address automatically? where is last use mac data?

Hi, Cappalli

Thanks.

 

Maybe external using from CPPM or controller is impossible, I will try monthly automatic backup/download from my Linux box from CPPM and Airwave using curl or another tool. It's enough to check in a month.


Many of compliance needs to expiring unused auth methods, I think 'backup of CPPM' (it's Postgress DB), has some last used mac address log. there is many tips_end~~~ view and table.

How about this scenario?

Guru Elite
Posts: 7,839
Registered: ‎09-08-2010

Re: How do I expiring unused mac address automatically? where is last use mac data?

Why not just import your list of MAC addresses to the endpoints repository? 


Thanks, 
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
seo
Occasional Contributor II
Posts: 11
Registered: ‎01-18-2015

Re: How do I expiring unused mac address automatically? where is last use mac data?

Thanks,

 

It's for management and security reason. The MAC address is very dynamic and massive.

 

Our office needs to sync mac-auth globally, then I made external DB for sync mac-address between offices. It's very simple and convinient

And If using endpoint repository everyone login in CPPM with administrative privileges. So I made view and insert DB system for our MAC-AUTH.

Is it possible to expiring unused mac-address with endpoins repository? Sorry, I'm not familiar CPPM operating environment, give me expiring unused macaddress best practice with endpoins?

May be I'll find some hints from that.

thanks.

Search Airheads
Showing results for 
Search instead for 
Did you mean: