Security

Reply
Contributor II
Posts: 36
Registered: ‎03-21-2011

How to set an expire date for an endpoint?

Hi,

 

My customer is using CPPM 6.3 for Mac authentication. Here is the requirement:

 

An endpoint is allowed access before end of year say Dec 31, before that the Endpoint is valid. After that date, the endpoint is invalid and the user has to register the endpoint again.

 

I checked the endpoint database on CPPM, there is NO way to set a field for expire date, any idea?

 

Thanks,

Patrick

 

Aruba
Posts: 1,542
Registered: ‎06-12-2012

Re: How to set an expire date for an endpoint?

How are they registuring the device? 

 

If its done with Mactrac, deivce rigisture then you can put a expire date on the deivce. if its just goes through a service you can use the known vs unknown to put a restriction on the device to force it to a page or deny access.

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Contributor II
Posts: 36
Registered: ‎03-21-2011

Re: How to set an expire date for an endpoint?

Thanks Troy.

 

What is Mactrac?

 

They just use a page to authenticate against AD, then in the service I mark the endpoint as KNOWN.

 

But as you know in the endpoint DB there is no field called expire date.

 

Or is there an auto way (script or something) to flush all endpoint entries at Dec 31 (although this is not a perfect solution)?

 

They don't have Guest or Onboard license.

 

Regards,

Peiyong

 

Aruba
Posts: 1,542
Registered: ‎06-12-2012

Re: How to set an expire date for an endpoint?

I will have to see what is the most efficient way of doing it, but if they are marking the device known when it is registered then you should be able to use that. 

 

Let me dig around for a day and see what we can come up with. I threw it out to the other Clearpass SEs to see what they also come up with and pick the most efficient way. 

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Contributor II
Posts: 36
Registered: ‎03-21-2011

Re: How to set an expire date for an endpoint?

Thanks Troy.

 

Awaiting your best solution!

 

Regards,

Patrick

 

 

Aruba
Posts: 1,542
Registered: ‎06-12-2012

Re: How to set an expire date for an endpoint?

One quick question.

Are you using a web login page or a modified self service portal to register the devices
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Contributor II
Posts: 36
Registered: ‎03-21-2011

Re: How to set an expire date for an endpoint?

We just use the web login page to register user's MAC.

 

Cheers,

Patrick

 

Aruba
Posts: 1,542
Registered: ‎06-12-2012

Re: How to set an expire date for an endpoint?

So you do have multiple options here. The easiest one depends on if they have certain users that register the device or if the users do their own. 

 

If it’s Staff or even personal you can create a Self service account on CPGuest to allow the users to manage the devices they have registered. You can hard code an expiration date in the portal and it gives them the option if they loose/change a device they could delete their old one and add a new one.

 

Here is a quick example. You can add and remove the fields you want.

 

Screen Shot 2014-01-06 at 12.47.53 AM.png

 

 

The other option is to create a self-service portal page where you can add the device and put an expiration to the device.

 

The last one would be a little bit more complicated but you could do a custom SQL and put in an attribute of the expiration date. 

 

I’m sure there are a couple more but I wanted to give you some options to start with

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Contributor II
Posts: 36
Registered: ‎03-21-2011

Re: How to set an expire date for an endpoint?

Hi Troy,

 

First, the customer does NOT have Guest license. I understand you don't need Guest license to do MACTrac, but can you use this device list DB to do MAC Auth?

 

I would like to know what Custom SQL needed to put a 'expire' field to Endpoint DB, because the only way we can see the student's device is when they associate with an open SSID and land on a web page. Then they put in theire AD credential and CPPM mark the Endpoint as 'known'. Then the Endpoint DB will be used for the MAC Auth when the student associates next time.

 

Regards,

Patrick

 

Aruba
Posts: 1,542
Registered: ‎06-12-2012

Re: How to set an expire date for an endpoint?

Yes you can use the list for mac auth.

I'm not a SQL expert so someone will have to put together the SQL query for me and then I can pass it off. I just don't know how long it will take.

I will let you know when I get it.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: