Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Import Endpoints Fingerprint

  • 1.  Import Endpoints Fingerprint

    Posted Sep 12, 2017 09:32 AM

    Dear All,

     

    How can I import the Endpoints Fingerprint while importing Endpoints in ClearPass?

     

    I have tried the following:

     

    <Endpoint macVendor="" macAddress="d0bf9c260c4f" status="Unknown">
      <EndpointProfile conflict="false" category="Audio/Video Devices" hostname="xxx" staticIP="true" ipAddress="x.x.x.x"/>
    </Endpoint>

     

    It is only importing the macAddress

     

    Please advise.

     

    Best Regards,

    Maurice



  • 2.  RE: Import Endpoints Fingerprint

    EMPLOYEE
    Posted Sep 12, 2017 09:35 AM
    You cannot.


  • 3.  RE: Import Endpoints Fingerprint

    Posted Sep 12, 2017 09:40 AM
    @cappalli wrote:
    You cannot.

    Is there any other way to import devices?

     

    My concern is to create a service to bypass 802.1x for Cisco Phones. I was planning to do the below: import the devices, create a service with a condition: Type: Endpoints Repository and in the Name set the Hostname.

     

    Is there any other way to do that?

     

    Best Regards,

    Maurice 



  • 4.  RE: Import Endpoints Fingerprint

    EMPLOYEE
    Posted Sep 12, 2017 10:02 AM
    The devices will be profiled the first time they connect and then profiling information can be leveraged. You can also use the phone’s factory certificate for EAP-TLS (this is the recommended, secure way).


  • 6.  RE: Import Endpoints Fingerprint

    Posted Sep 13, 2017 12:57 AM

    Hi Tim,

     

    As I understand from your reply, the devices will show up by themselves in the endpoints without having to do anything on ClearPass?

     

    If yes, is there anything that should be done on the switch side?

     

    Regards,

    Maurice



  • 7.  RE: Import Endpoints Fingerprint

    Posted Sep 13, 2017 02:54 AM

    There are multiple ways to profile endpoints. Read more about that here:

     

    Clearpass profiling technote

     

    That said - on your switch you will have to add MAB (MAC auth if no 1x).

    I believe you will find more information about how to do that here:

     

    Clearpass Wired 802.1x with Cisco

     

    If you're not using Cisco then you should still get the basics of how it's done from that document.