Security

last person joined: 3 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Query Endpoint Repository for VPN device

  • 1.  Query Endpoint Repository for VPN device

    Posted Dec 17, 2019 09:48 PM

    How do I query the endpoint repository for a device that presents no host mac address?

     

    In my case, Cisco Anyconnect doesn't present this, only a Cisco AVPair of mdm-tlv=device-mac=XX-XX-XX-XX-XX-XX

     

    I want to be able to query its Endpoint EMM attributes (ie. MDM Enabled).



  • 2.  RE: Query Endpoint Repository for VPN device

    Posted Dec 18, 2019 02:05 PM

    Try this (assuming you're on 6.8.0+):

     

    1. Go to Administration > Server Manager > Server Configuration and select the ClearPass server.
    2. On the Service Parameters tab, in the Select Service drop-down list select RADIUS server.
    3. Scroll down to the Main parameters and select yes for the Parse Cisco-AVPair to get device mac option, and then click Save.



  • 3.  RE: Query Endpoint Repository for VPN device

    Posted Dec 18, 2019 06:29 PM

    Ah thanks Tim. Currently on 6.7.12 - holding back on the 6.8 upgrade to the new year.



  • 4.  RE: Query Endpoint Repository for VPN device

    Posted Feb 15, 2020 04:00 PM

    Tim, this is great!  However it overwrites the insightdb radius_acct.calling_station_id with the mac address of the client.  Now it seems I don't have access to the originating IP address of the VPN client unless this is getting written into the endpoints table now?

     

    Update: I looked through the radius_acct, auth, endpoints and I can no longer find the origniating IP address of the client.  I guess I'll disable this for now as the originating IP is more important than the MAC for now. 

     

    Tim, Can we find a way to get both the MAC and the originating IP?

     

    Thanks!



  • 5.  RE: Query Endpoint Repository for VPN device

    Posted Aug 17, 2020 04:30 PM

    Trying to leverage this feature.  I enabled the option under RADIUS server parameters to parse the Cisco-ACPair for the client's MAC address.  Looking at an authentication request from the ASA in my lab (ASA5505), the authentication request includes the Cisco-AVPair mdm-tlv=device-mac, but not device-public-mac.

     

    I see this log in the ClearPass logs.

    INFO RadiusServer.Radius - rlm_service: device-public-mac= value not present in any of Cisco-AVPairs

     

    So it looks like ClearPass is parsing for device-public-mac, not device-mac.  Is there a specific version I need for this to work.

     

    Running ClearPass 6.9.2