Security

last person joined: 3 days ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

Insight report generation

This thread has been viewed 3 times
  • 1.  Insight report generation

    Posted Oct 06, 2021 07:02 AM
    Just dipping my tow into  insight report generation

    I am in the
    the process of rolling out  multi site NAC solution using clearpass and 2930 switches. Switches currently have static vlan/port assignements and  inital NAC switch configurations will have auth-vid set to whatever VLAN a switch port is currenty  statically assigned to.  When clearpass processes an Access-Request its going to either return an Access-Accept packet with a named vlan if  we have processed the device fingerprint to assign a role, or no vlan if we don't. The  client device therefor will either be placed in a new (named) vlan or "stay where it is" .

    I therfor need to generate an insight report for all devices that "stay wher they are" i.e. that have fingerprints we dont recognise ( have not assigned a role based upon what we see) and have sent bck a minimal Access-Accept packet.

    Thought  that  inserting an endpoint attribute for devices  that have an access-accept packet without a  VLAN definition might be the way to go and then to generate a report  listing all the endpoints that have that attribute present.

    Guess simple question is can I generate an insight report listing all endpoints that contain a specific attribute?

    Rgds
    Alex

    ------------------------------
    Alex Sharaz
    ------------------------------