Frequent Contributor I

Implementation question - blocking end-point vendors

Hello,

 

we are interested in blocking ALL smartphones from our wifi solution.

What I have done is the following:

I have added the following under services-->enfo.

 

This is working now and blocked Samsung S3 and Apple devices.

Is this a good way to implement it, or should I use Profiler or a different option? I have a full ClearPass license.

Any suggestions will be gladly appreciated.

 

3. (Connection:Client-Mac-Vendor EQUALS Murata Manufacturing Co., Ltd.) [Deny Access Profile]
4. (Connection:Client-Mac-Vendor EQUALS Apple, Inc.) [Deny Access Profile]

Trusted Contributor I

Re: Implementation question - blocking end-point vendors

See the question I asked in your other thread.

Personally I would go with ClearPass profile if you can. It gives more granularity, i.e. differentiate between iPads and iPhones, I believe.

Guru Elite

Re: Implementation question - blocking end-point vendors

In Role Mapping, try this:

 

Authorization:Endpoints Repository Category Equals SmartDevice

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Frequent Contributor I

Re: Implementation question - blocking end-point vendors

I tried it but it doesn't seem to work.

If I go to identity --> end point I can see my client MAC address with profiled no status unknown.

 

Guru Elite

Re: Implementation question - blocking end-point vendors

Do you have a helper address on your wireless subnet pointing to cppm so your devices can be profiled?
Frequent Contributor I

Re: Implementation question - blocking end-point vendors

I also tried this role but I can still authenticate and connect:

(Authorization:[Endpoints Repository]:Device Name CONTAINS Android)Block_Devices
Guru Elite

Re: Implementation question - blocking end-point vendors

Your endpoints repository only has basic information about your devices.  To get more information, you need to put an additional helper address on your wireless subnet to point to CPPM to collect that additional information and insert it into the Endpoints repository.  It will then be able to better classify those devices with more parameters, rather than just by mac address.

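An added illustration, not part of the thread and not ClearPass code: a helper address relays client DHCP requests to the profiler, and this sketch parses a constructed DHCPDISCOVER to show the kind of attributes (hostname, vendor class, parameter request list) a DHCP-based profiler can read beyond the MAC vendor. The function names and all sample values are assumptions made up for the example.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTP_LEN = 236  # fixed BOOTP header that precedes the DHCP magic cookie

def build_sample_discover(mac, hostname, vendor_class, params):
    """Build a minimal DHCPDISCOVER payload (constructed sample data)."""
    header = bytearray(BOOTP_LEN)
    header[0:3] = bytes([1, 1, 6])      # op=BOOTREQUEST, htype=Ethernet, hlen=6
    header[28:34] = mac                 # chaddr: client hardware address
    opts = bytes([53, 1, 1])            # option 53: message type = DISCOVER
    for code, value in ((12, hostname), (60, vendor_class), (55, bytes(params))):
        opts += bytes([code, len(value)]) + value
    return bytes(header) + MAGIC_COOKIE + opts + b"\xff"

def parse_dhcp_options(payload):
    """Return {option code: raw value}; raise ValueError on malformed input."""
    if payload[BOOTP_LEN:BOOTP_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    options, i = {}, BOOTP_LEN + 4
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        options[code] = value
        i += 2 + length
    return options

def profiling_attributes(payload):
    """Attributes a DHCP-based profiler can use beyond the MAC address."""
    opts = parse_dhcp_options(payload)
    return {
        "mac": payload[28:34].hex(":"),
        "hostname": opts.get(12, b"").decode("ascii", "replace"),
        "vendor_class": opts.get(60, b"").decode("ascii", "replace"),
        "param_request_list": list(opts.get(55, b"")),
    }

# Constructed sample: locally administered MAC, made-up hostname and options.
SAMPLE = build_sample_discover(bytes.fromhex("02005e000001"), b"android-1a2b3c",
                               b"android-dhcp-9", [1, 3, 6, 15, 26, 28, 51, 58, 59, 43])

if __name__ == "__main__":
    for key, value in profiling_attributes(SAMPLE).items():
        print(f"{key}: {value}")
```

Without the relayed DHCP traffic, only the `mac` field of this output would be available, which is why vendor-only rules and an unprofiled endpoint entry go together.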
Frequent Contributor I

Re: Implementation question - blocking end-point vendors

Can you elaborate on "To get more information, you need to put an additional helper address on your wireless subnet to point to CPPM to collect that additional information and insert it into the Endpoints repository"?

What are the steps? Is there a manual for this?

 

Guru Elite

Re: Implementation question - blocking end-point vendors

Do you have the profiler license? If you do, please search the user guide for profiler to ensure it is enabled.

If you do not, ignore what I said.
Frequent Contributor I

Re: Implementation question - blocking end-point vendors

Profiler is enabled as evaluation license in the product.

But the endpoint mapping is empty; my phone was not categorized, not profiled or detected as Android, while other PCs are listed OK in the endpoints list.
