Security

Reply
Regular Contributor I
Posts: 279
Registered: ‎02-11-2013

Limit the number of device per user

Hi,

 

Is it possible to limit the number of devices with which a user can connect thru ClearPass ? I mean I would like that a user can connect with 3 max devices in a day with his account.

 

Thanks

 

Dimitri

MVP
Posts: 765
Registered: ‎03-25-2009

Re: Limit the number of device per user

yes,

In your enforcement profile (or role mapping policy) you can verify the unique device count from your endpoint repository.

 

Authorization:[Endpoints Repository]:Unique-Device-Count  GREATER_THAN  3 -> deny access profile

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Regular Contributor I
Posts: 279
Registered: ‎02-11-2013

Re: Limit the number of device per user

Sorry but I don't understand how to apply it to my service for Guest Access. Can you give me more details, thanks.

 

Regards

 

Dimitri

Aruba
Posts: 1,542
Registered: ‎06-12-2012

Re: Limit the number of device per user

If you run the service template guest withe Mac access it will create the service and you can either use that one or copy the device limit to your existing service.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Regular Contributor I
Posts: 279
Registered: ‎02-11-2013

Re: Limit the number of device per user

Thanks but I don't understand how to do this : copy the device limit to your existing service. Can you make me one or two screenshots of the procedure ?

 

Thanks again

 

Dimitri

MVP
Posts: 765
Registered: ‎03-25-2009

Re: Limit the number of device per user

CPPM/tips - Configuration - Service Templates - Guest MAC Authentication

 

Just fill in this template and the required services will be created automatically.

 

One of the services will be something like "... Guest Access With MAC Caching"

Go check the "role" tab and "Enforcement" tab of this service... there should be a condition like :

 ConditionsRole
(Authorization:[Endpoints Repository]:Unique-Device-Count  GREATER_THAN  3)[Deny Access Profile]

 

That's the bit that denies access when more than 3 devices are already registered for this user.

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Aruba
Posts: 1,542
Registered: ‎06-12-2012

Re: Limit the number of device per user

You will also need to add the insight repository to the authorization sources.

 

guestlimit2.png

 

 

guestlimit3.png

 

 

guestlimit.png

 

 

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Regular Contributor I
Posts: 279
Registered: ‎02-11-2013

Re: Limit the number of device per user

Thanks for all but I still don't know how to add the Enforcement to my service. Can you just give some tips about how to do it ?

 

Thanks again

 

Dimitri

Aruba
Posts: 1,542
Registered: ‎06-12-2012

Re: Limit the number of device per user

1. Add the endpoints repository to your authorization source
2. Add condition 1 in the last screen shot to your enforcement and make sure you choose evaluate all
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Regular Contributor I
Posts: 279
Registered: ‎02-11-2013

Re: Limit the number of device per user

1. Ok done

2. Sorry but how do I add the condition ? I am a bit lost of how does work the enforcement

 

Thanks

 

Dimitri

Search Airheads
Showing results for 
Search instead for 
Did you mean: