Security

Reply
Frequent Contributor II
Posts: 122
Registered: ‎01-19-2013

Question - Remove attributes in endpoints database

Is it possible to remove an endpoint attributes using an enforcement policy?
Aruba
Posts: 1,540
Registered: ‎06-12-2012

Re: Question - Remove attributes in endpoints database

It depends on what attribute you want to remove. You should be able to add an enforcement and leve the attribute empty. I havent tried it so you will need to do a quick test to see if you will get the results you are looking for.

 

 

screenshot_02 Oct. 28 22.55.gif

 

screenshot_01 Oct. 28 22.55.gif

 

 

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Aruba
Posts: 1,540
Registered: ‎06-12-2012

Re: Question - Remove attributes in endpoints database

I will have to take that back. Just tested and it will not let you leave it blank.

Before I take this to engineering what exactly are you trying to do? There might be some other options.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Frequent Contributor II
Posts: 122
Registered: ‎01-19-2013

Re: Question - Remove attributes in endpoints database

[ Edited ]

I should be able to just use one of my other attributes that I use later in my authentication. I was just looking to create this attribute restart authentication perform one CLI enforcement to delete the user from the user-table then delete the attribute. Just to keep endpoint database clean. This would be for devices that join the network the very first time so I can get them from entering the initial role set on the controller.  COA's don't seem to do much for devices that are in this Initial Role. 

 

The Bigger picture is that if a COA a user that is in the initial role assigned from the AAA/vap profile it doesn't actually disconnect them so instead I need to perform a CLI enforcement profile on the device to delete them from the user-table. I am not sure if you have any tips on doing CLI enforcement policy but I have one created I just need to troubleshoot to see where the CLI enforcement profile is failing. I think its because I don't have a successful authentication source. Still need to test.

Search Airheads
Showing results for 
Search instead for 
Did you mean: