
mechanism for updating endpoint status to known

Hi,

I seem to have an issue with using the default [Update Known Endpoint] enforcement profile. Bit of background:

There is an issue with HP 5130 switches running ComWare 7 where ClearPass doesn't generate the Computed mac-address formats. It only happens with ComWare 7 devices; ComWare 5 ones work just fine. I'm progressing resolving this through HP TAC and support via our 3rd party support people.

Our standard mac-address format is upper case hex pairs delimited by "-".

In this case the end device is an IP phone. I've set up a service that drops it into the correct VLAN and runs a number of profiles including [Update Known Endpoint] ....... except that it doesn't!

I can see the device endpoint entry (obtained from a DHCP request packet) but its status is set to unknown. Subsequent reauths of the device show all the enforcement profiles assigned with the reauth and [Update...] is there.

Looking at the endpoint entry, the status never changes from unknown.

Guess the questions are:

"Does this profile make use of the computed mac-address values or should it "normalise" the address itself in order to find the endpoint entry?"

Given the fact that the computed attributes are not present, any other method of updating the database? Perhaps build a local SQL statement that'll strip the "-" off and convert to lower case?

Rgds

Alex