Wireless Access

 View Only
last person joined: yesterday 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Clearpass External Context Server

This thread has been viewed 13 times
  • 1.  Clearpass External Context Server

    Posted 6 days ago
    Greetings !

    We have Clearpass Server, where JAMF PRO has been configured as an external Context server from where it gets all the device information (ipad, iMAC) and which is used to implement clearpass policy.

    We got a situation that, need to enroll a large number of ipads in Jamf and when we finish enrolling (using internet) and connect to Campus Wi-Fi, we needed to wait for an hour to get the correct Role and Policy. When we checked in clearpass, it says Endpoint Context Servers Polling interval is 60 minutes, which makes sense.

    Just thinking if we can decrease this interval during this time (when we get large number of end devices). Will there be any impact on Clearpass ? Please note that, we have Intune extension for Windows devices configured to sync on each 15 mins (subscriber nodes) and each 30 mins (publisher node)
    Idea is to decrease the polling interval time to (X min): as minimum with the like of 5 min and once all the devices enrolled, change it to default, ie. 60 mins.

    Also, there are three servers configured for Endpoint Context Servers, including Firewall, JAMF itself and local host.

    I have attached the screenshots for both. Please suggest if anyone has come across the same situation.





  • 2.  RE: Clearpass External Context Server

    EMPLOYEE
    Posted 6 days ago
    yes that should be fine, but keep an eye on the performance of  the clearpass node.
    Generally decreasing the polling interval could impact the performance

    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 3.  RE: Clearpass External Context Server

    Posted 5 days ago
    Thank you for looking at it. 

    I have changed to 30 mins and looks ok in terms of resource consumption. 

    Ideally, thinking to come to 15 mins. I think it should be ok ? 

    But is there any way to see in clearpass logs how long it took to reference Jamf data ? Did not find any such logs unless there is a trick in cli. 

    Binod





  • 4.  RE: Clearpass External Context Server

    EMPLOYEE
    Posted 4 days ago
    check the event logs.

    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------