Security

Anyone know how to take advantage of the 'Disabled Client' radio button for an endpoint in the Endpoints repository? Such as in my Mac Auth policy, I want to create a role mapping that will be applied in my enforcement to deny access to a client.

I would like to see that 'Disabled Client' as an Endpoint attribute. That however does not seem to be the case. The 'Known client' and 'Unknown Client' I believe can be leveraged in that manner but not 'Disabled Client'. There is no option to role map it like I would for most other attributes. 

Thanks in advance!! 


------------------------------
Philip Wightman, ACEX (AMFX) #69. Aruba Partner Ambassador
------------------------------

The following role mapping works for me, using the Endpoint Repository instead of Endpoint:
(Authorization:[Endpoints Repository]:Status  EQUALS  Disabled)

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Nov 03, 2021 03:09 PM
From: Philip Wightman
Subject: Clearpass Endpoints - Known / Unknown / Disabled

Anyone know how to take advantage of the 'Disabled Client' radio button for an endpoint in the Endpoints repository? Such as in my Mac Auth policy, I want to create a role mapping that will be applied in my enforcement to deny access to a client.

I would like to see that 'Disabled Client' as an Endpoint attribute. That however does not seem to be the case. The 'Known client' and 'Unknown Client' I believe can be leveraged in that manner but not 'Disabled Client'. There is no option to role map it like I would for most other attributes. 

Thanks in advance!! 


------------------------------
Philip Wightman, ACEX (AMFX) #69. Aruba Partner Ambassador
------------------------------

Sometimes it takes stepping back for a minute and re-evaluating where things are at. After reading your response, I looked at my Role mapping and had already setup exactly what you said. I flipped the disabled flag and it worked just fine. So not sure when in this project I thought it wasnt or when I came to that conclusion! Thank you for getting me back on course. I always appreciate your quick responses Herman!!

------------------------------
Philip Wightman, ACEX (AMFX) #69. Aruba Partner Ambassador
------------------------------

Original Message:
Sent: Nov 04, 2021 07:08 AM
From: Herman Robers
Subject: Clearpass Endpoints - Known / Unknown / Disabled

The following role mapping works for me, using the Endpoint Repository instead of Endpoint:
(Authorization:[Endpoints Repository]:Status  EQUALS  Disabled)

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Nov 03, 2021 03:09 PM
From: Philip Wightman
Subject: Clearpass Endpoints - Known / Unknown / Disabled

Anyone know how to take advantage of the 'Disabled Client' radio button for an endpoint in the Endpoints repository? Such as in my Mac Auth policy, I want to create a role mapping that will be applied in my enforcement to deny access to a client.

I would like to see that 'Disabled Client' as an Endpoint attribute. That however does not seem to be the case. The 'Known client' and 'Unknown Client' I believe can be leveraged in that manner but not 'Disabled Client'. There is no option to role map it like I would for most other attributes. 

Thanks in advance!! 


------------------------------
Philip Wightman, ACEX (AMFX) #69. Aruba Partner Ambassador
------------------------------

Found my issue. MAC Auth service was working fine but 8021x was not. I had the Endpoints repository in the Authentication Tab and not the Authorization Tab within the service. I moved it over to Authorization and it now works for 8021x as well. 

Thanks again Herman.

------------------------------
Philip Wightman, ACEX (AMFX) #69. Aruba Partner Ambassador
------------------------------

Original Message:
Sent: Nov 04, 2021 08:32 AM
From: Philip Wightman
Subject: Clearpass Endpoints - Known / Unknown / Disabled

Sometimes it takes stepping back for a minute and re-evaluating where things are at. After reading your response, I looked at my Role mapping and had already setup exactly what you said. I flipped the disabled flag and it worked just fine. So not sure when in this project I thought it wasnt or when I came to that conclusion! Thank you for getting me back on course. I always appreciate your quick responses Herman!!

------------------------------
Philip Wightman, ACEX (AMFX) #69. Aruba Partner Ambassador

Original Message:
Sent: Nov 04, 2021 07:08 AM
From: Herman Robers
Subject: Clearpass Endpoints - Known / Unknown / Disabled

The following role mapping works for me, using the Endpoint Repository instead of Endpoint:
(Authorization:[Endpoints Repository]:Status  EQUALS  Disabled)

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Nov 03, 2021 03:09 PM
From: Philip Wightman
Subject: Clearpass Endpoints - Known / Unknown / Disabled

Anyone know how to take advantage of the 'Disabled Client' radio button for an endpoint in the Endpoints repository? Such as in my Mac Auth policy, I want to create a role mapping that will be applied in my enforcement to deny access to a client.

I would like to see that 'Disabled Client' as an Endpoint attribute. That however does not seem to be the case. The 'Known client' and 'Unknown Client' I believe can be leveraged in that manner but not 'Disabled Client'. There is no option to role map it like I would for most other attributes. 

Thanks in advance!! 


------------------------------
Philip Wightman, ACEX (AMFX) #69. Aruba Partner Ambassador
------------------------------