Security

last person joined: 26 minutes ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

CLEARPASS Network Devices Attributes

  • 1.  CLEARPASS Network Devices Attributes

    Posted Mar 26, 2020 05:16 AM

    Hello,

     

    I know it is possible to use Device Attributes in a Service Rule,

     

    But we also would like to use NAD Device Attribute values in an Enforcement profile

     

    The question is: is this possible?

    And if this is possible how can we get access to these atributes

     



  • 2.  RE: CLEARPASS Network Devices Attributes

    Posted Mar 26, 2020 08:16 AM

    The NAD "attributes" appear in the AccessTracker event's Input-->Computed section. In my example I have Device:Device Type, Device: Device Vendor and Device:Location. I believe these can be referenced using %{Device:Location}. Hence, you should be able to use these to differentiate the policy assigned to say a 2930 switch v CX.

    Annoyingly the Vendor information is not natively available. Though it shouldn't be too hard to use the XML to add attributes.

     



  • 3.  RE: CLEARPASS Network Devices Attributes

    Posted Mar 26, 2020 11:45 AM

    Got it, thanx!



  • 4.  RE: CLEARPASS Network Devices Attributes

    Posted Mar 26, 2020 10:25 AM

    You can always add your own device attribute to use for enforcement. You can also define your own Device attribute by going to Administration > Dictionaries > Dictionary Attributes. Click on add new, choose a Entity type of device, and choose a Data Type of String. Name your attribute, and then click Add. See attached screen shots.