Security

Does anyone know how to import or build a list of device serial numbers into ClearPass Policy Manager and then build a role mapping or enforcement policy to classify the device? 

My goal is to build a list of serial numbers that we know are Corporate liable assets and if a device is on that list, we will classify it as a corporate iOS or Android device and apply appropriate roles to it.  If it's not on that list, we'll consider it a personal liable device and give a different role.

The capability was mentioned at the last Airheads conference, but I don't see a way to do it.

Thanks...

I have done that for some of our older CiscoIP Phones that do not support 802.1X. Tou need to import the mac addresses as Endpoints or use the API. If you are doing a list, the XML import is probably easier. Be careful, though. I found the XML tricky when importing multiple Endpoints. They looked OK in Endpoints, but my service would not key on the attribute I was using. I assume you have a MAC Auth service, etc. set up.

Here is a sample XML format from CPPM 5.1.1.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TipsContents xmlns="http://www.avendasys.com/tipsapiDefs/1.0">
<TipsHeader exportTime="Fri Sep 28 10:50:24 EDT 2012" version="5.1"/>
<Endpoints>
<Endpoint macAddress="00112032b378" status="Known">
<EndpointTags tagName="Device Type" tagValue="Cisco IP Phone"/>
</Endpoint>
<Endpoint macAddress="001120f67643" status="Known">
<EndpointTags tagName="Device Type" tagValue="Cisco IP Phone"/>
</Endpoint>
</Endpoints>
<TagDictionaries>
<TagDictionary allowMultiple="true" mandatory="false" dataType="String" attributeName="Device Type" entityName="Endpoint"/>
</TagDictionaries>
</TipsContents>

I believe you need Unix line endings in the XML file.

I hope this helps.