Security


Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

FQDN entry for a device in ClPPM

  • 1.  FQDN entry for a device in ClPPM

    Posted Feb 12, 2016 02:44 PM

    We have a device which wants to use RADIUS to allow administrators access, yet moves from building to building. It's a Cisco switch used for training, and moves from store to store (usually without warning) and gets its address from DHCP.

    The DHCP server notifies the DNS server, so we can ping it by name.

     

    Right now, what we do is get the call from the tech (who didn't tell us he was moving it) asking us to make some configuration change. We ping the switch, go to CPPM and change the IP address of the device, then SSH into the switch and do what we must.

     

    It would be nifty if we could skip the "change the IP address" in CPPM bit.

     

    The field doesn't accept an FQDN. Any thoughts on how I could achieve the same result?

     



  • 2.  RE: FQDN entry for a device in ClPPM

    Posted Feb 12, 2016 02:47 PM
    I don't think any AAA platform can do this because it's insecure. 

    You could assign a DHCP reservation to the device in each subnet and add those IPs to ClearPass. 



  • 3.  RE: FQDN entry for a device in ClPPM

    Posted Feb 12, 2016 02:56 PM

    I agree with the insecure bit, but the inconvenience is causing some pushback from the admins - looking for some way to simplify (25 "floating" switches, 150 DHCP scopes) into one easy CPPM thingy.

     

    sigh...



  • 4.  RE: FQDN entry for a device in ClPPM
    Best Answer

    Posted Feb 12, 2016 03:59 PM

    You could make the IP address of the NAS client in CPPM a big range, and send back an attribute or NAS variable that will be a requirement by the service that would authenticate on that switch...

     

    Nevermind



  • 5.  RE: FQDN entry for a device in ClPPM

    Posted Feb 12, 2016 04:20 PM

    Yeah, that was starting to percolate in my head too.

     

    I'll tell the admins to deal with the inconvenience while I think some more.