Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Blocking an Endpoint in CPPM

  • 1.  Blocking an Endpoint in CPPM

    Posted Apr 22, 2024 07:41 AM

    We use ClearPass for guest authentication. In case we need to permanently prevent a MAC address from connecting to the guest SSID, is it the right approach if we modify the endpoint status to disabled client?



  • 2.  RE: Blocking an Endpoint in CPPM

    EMPLOYEE
    Posted Apr 22, 2024 10:00 AM

    You'll need to write policy around handling the attribute, but don't deny the client device.  Allow the connection and assign a role that doesn't allow any traffic to flow, otherwise you'll see the client reconnect constantly.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 3.  RE: Blocking an Endpoint in CPPM

    Posted Apr 23, 2024 12:39 AM

    But disabled clients also don't have access to the network, correct? 




  • 4.  RE: Blocking an Endpoint in CPPM

    EMPLOYEE
    Posted 30 days ago

    That particular flag is used by a MAC auth service to determine if authentication is allowed or not.  For any other service, you would still have to write policy around unknown/known/disabled.  The problem is, most any situation where a decision on a MAC address is going to be the allow/deny choice is probably going to result in the device attempting to connect multiple times.  Rather than constantly having to reject the connection, allow the connection, deny all traffic, and place them in a blackhole VLAN.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------