Security

Reply
Occasional Contributor I

Import Endpoints Fingerprint

Dear All,

 

How can i import the Endpoints Fingertpring while importing Endpoints in clearpass?

 

I have tried the following:

 

<Endpoint macVendor="" macAddress="d0bf9c260c4f" status="Unknown">
<EndpointProfile conflict="false" category="Audio/Video Devices" hostname="xxx" staticIP="true" ipAddress="x.x.x.x"/>

 

It is only importing the macAddress

 

Please advise.

 

Best Regards,

Maurice

Guru Elite

Re: Import Endpoints Fingerprint

You cannot.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: Import Endpoints Fingerprint

cappalli wrote:
You cannot.

Is there any other way to import devices in another way?

 

My concern is to create a service to bypass 802.1x for Cisco Phones. I was planning to do the below: import the devices, create a service with a condition: Type: Endpoints Reposotiry and in the Name set the Hostname.

 

Is there any other way to do that?

 

Best Regards,

Maurice 

Guru Elite

Re: Import Endpoints Fingerprint

The devices will be profiled the first time they connect and then profiling information can be leveraged. You can also use the phone’s factory certificate for EAP-TLS (this is the recommended, secure way).

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite

Re: Import Endpoints Fingerprint

The devices will be profiled the first time they connect and then profiling information can be leveraged. You can also use the phone’s factory certificate for EAP-TLS (this is the recommended, secure way).

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: Import Endpoints Fingerprint

Hi Tim,

 

As i understand from your reply, that the devices will be shown by theirselfs in the endpoints without having to do anyting on clearpass?

 

If yes, is there anything that should be done on the switch side?

 

Regards,

Maurice

MVP

Re: Import Endpoints Fingerprint

There are multiple ways to profile endpoints. Read more about that here:

 

Clearpass profiling technote

 

That said - on your switch you will have to add mab (mac auth if no 1x).

I believe you will find more information about how to do that here:

 

Clearpass Wired 802.1x with Cisco

 

If you're not using Cisco then you should still get the basics of how it's done from that document.


Regards
John Solberg

-ACMX #316 :: ACCP ::
ACSA :: Working on my ACCX!!
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: