Security

last person joined: 5 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Limit the number of device per user

Jump to Best Answer
  • 1.  Limit the number of device per user

    Posted Aug 27, 2013 07:56 AM

    Hi,

     

    Is it possible to limit the number of devices with which a user can connect thru ClearPass ? I mean I would like that a user can connect with 3 max devices in a day with his account.

     

    Thanks

     

    Dimitri



  • 2.  RE: Limit the number of device per user

    Posted Aug 27, 2013 11:01 AM

    yes,

    In your enforcement profile (or role mapping policy) you can verify the unique device count from your endpoint repository.

     

    Authorization:[Endpoints Repository]:Unique-Device-Count  GREATER_THAN  3 -> deny access profile



  • 3.  RE: Limit the number of device per user

    Posted Aug 27, 2013 11:15 AM

    Sorry but I don't understand how to apply it to my service for Guest Access. Can you give me more details, thanks.

     

    Regards

     

    Dimitri



  • 4.  RE: Limit the number of device per user

    Posted Aug 27, 2013 11:34 AM
    If you run the service template guest withe Mac access it will create the service and you can either use that one or copy the device limit to your existing service.


  • 5.  RE: Limit the number of device per user

    Posted Aug 27, 2013 11:46 AM

    Thanks but I don't understand how to do this : copy the device limit to your existing service. Can you make me one or two screenshots of the procedure ?

     

    Thanks again

     

    Dimitri



  • 6.  RE: Limit the number of device per user

    Posted Aug 27, 2013 12:57 PM

    CPPM/tips - Configuration - Service Templates - Guest MAC Authentication

     

    Just fill in this template and the required services will be created automatically.

     

    One of the services will be something like "... Guest Access With MAC Caching"

    Go check the "role" tab and "Enforcement" tab of this service... there should be a condition like :

     ConditionsRole
    (Authorization:[Endpoints Repository]:Unique-Device-Count  GREATER_THAN  3)[Deny Access Profile]

     

    That's the bit that denies access when more than 3 devices are already registered for this user.



  • 7.  RE: Limit the number of device per user

    Posted Aug 27, 2013 03:14 PM

    You will also need to add the insight repository to the authorization sources.

     

    guestlimit2.png

     

     

    guestlimit3.png

     

     

    guestlimit.png

     

     



  • 8.  RE: Limit the number of device per user

    Posted Aug 28, 2013 02:29 AM

    Thanks for all but I still don't know how to add the Enforcement to my service. Can you just give some tips about how to do it ?

     

    Thanks again

     

    Dimitri



  • 9.  RE: Limit the number of device per user

    Posted Aug 28, 2013 02:34 AM
    1. Add the endpoints repository to your authorization source
    2. Add condition 1 in the last screen shot to your enforcement and make sure you choose evaluate all


  • 10.  RE: Limit the number of device per user

    Posted Aug 28, 2013 02:41 AM

    1. Ok done

    2. Sorry but how do I add the condition ? I am a bit lost of how does work the enforcement

     

    Thanks

     

    Dimitri



  • 11.  RE: Limit the number of device per user
    Best Answer

    Posted Aug 28, 2013 02:53 AM

    1. In your service you need to select the enforcement tab

    2. Click Modify

    3. Click on the Rules tab

    4. Add New rule

    5. Add the following condition

    6. Move the condition to the top

    7. Make sure select first match

     

    CPPM will look in the endpoint repository to see how many device the user has and if its more than you specify it will deny access to that device. In my condition I limit each user to a max of 3 devices per user.

     

    screenshot_01 Aug. 28 01.43.gif



  • 12.  RE: Limit the number of device per user

    Posted Aug 28, 2013 03:10 AM

    Thanks again but after point 5, if I try to save the Rule, I got an error No Enforcement Profiles are selected and don't know whick one to select on the list.

     

    Dimitri



  • 13.  RE: Limit the number of device per user

    Posted Aug 28, 2013 03:15 AM

    Depending on the NAS device you are connecting though... most use a [Deny Access]

     

     

     

    screenshot_01 Aug. 28 02.08.gif



  • 14.  RE: Limit the number of device per user

    Posted Aug 28, 2013 03:24 AM

    Ok thanks. I am only using Aruba devices so I think I can use the default Deny Access Profile.

     

    I will try this and come back if I still have problems.

     

    Regards

     

    Dimitri



  • 15.  RE: Limit the number of device per user

    Posted May 17, 2016 06:06 AM

    Dear Mr. Tarnold,

     

    I have installed Clearpass and integrated with AD, and i want to limit device per user Max 1.

    Could you help me please ?

     

     

    Kindly need your help