Is there a way in clearpass to modify the device Catagory/OS Family/Name so ClearPass does not come up with a conflict again? Or worse yet ClearPass change the Device Catagory/OS Family/Name back to what it thinks the device is?
I thought CleartPass was a database, what it the point of modifying a device if the system is going to change it back!
If the same finerprint is used again, it will use the same profile entry.
The reason it changes is that a profile conflict is a very important part of a network policy to determine if a user has attempted to spoof a MAC address.
You are free to create any Endpoint attribute you need. I have some custom ones myself.
ClearPass is free to update any Profiling attribute it internally uses too.
tl;dr You need to create your own custom attribute and perhaps open a TAC case on misidentifying fingerprints.
So i can apply a CP policy to a device based on an attribute? I will have to look into that a little more.
We track campus ATV's in JAMF (casper). Using CP and the mobility controller I have a policy/acl that if the device is identified as an ATV it has internet access only. Users on the guest network or secure network can use the ATV for presentation.
AppleTV was just an example.
That would not work for us since the majority of our Apple TVs, for instance are personally owned, usually by students.
We do not want them in our JAMF.
Bruce - I've never come across an iOS device profiled incorrectly. Please open a TAC case if you're seeing that.
So if someone were to grab the AppleTV's MAC address and use it on their laptop to bypass network registration/security, you wouldn't want to know that?
This is a core feature.
If something is incorrectly being reprofiled, you should open a TAC case.
I do not want Apple TVs identified as Aruba APs.
I currently do not trust profiling information but it is not currently using DHCP information here.
Then a TAC case should be opened. That is not correct.
There's a difference between conflict detection and incorrect profiling.
Ease of access it more important. I have firewalled my datacenter. If they look like an ATV the only place they can go is the Internet. Then any "Guest" or anyone on the secure wlan can access their device using airplay.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.