Is it possible to limit the number of devices with which a user can connect thru ClearPass ? I mean I would like that a user can connect with 3 max devices in a day with his account.
In your enforcement profile (or role mapping policy) you can verify the unique device count from your endpoint repository.
Authorization:[Endpoints Repository]:Unique-Device-Count GREATER_THAN 3 -> deny access profile
Sorry but I don't understand how to apply it to my service for Guest Access. Can you give me more details, thanks.
Thanks but I don't understand how to do this : copy the device limit to your existing service. Can you make me one or two screenshots of the procedure ?
CPPM/tips - Configuration - Service Templates - Guest MAC Authentication
Just fill in this template and the required services will be created automatically.
One of the services will be something like "... Guest Access With MAC Caching"
Go check the "role" tab and "Enforcement" tab of this service... there should be a condition like :
That's the bit that denies access when more than 3 devices are already registered for this user.
You will also need to add the insight repository to the authorization sources.
Thanks for all but I still don't know how to add the Enforcement to my service. Can you just give some tips about how to do it ?
1. Ok done
2. Sorry but how do I add the condition ? I am a bit lost of how does work the enforcement
1. In your service you need to select the enforcement tab
2. Click Modify
3. Click on the Rules tab
4. Add New rule
5. Add the following condition
6. Move the condition to the top
7. Make sure select first match
CPPM will look in the endpoint repository to see how many device the user has and if its more than you specify it will deny access to that device. In my condition I limit each user to a max of 3 devices per user.
Thanks again but after point 5, if I try to save the Rule, I got an error No Enforcement Profiles are selected and don't know whick one to select on the list.
Depending on the NAS device you are connecting though... most use a [Deny Access]
Ok thanks. I am only using Aruba devices so I think I can use the default Deny Access Profile.
I will try this and come back if I still have problems.
Dear Mr. Tarnold,
I have installed Clearpass and integrated with AD, and i want to limit device per user Max 1.
Could you help me please ?
Kindly need your help
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.