Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass - Profiling/Importing fixed ip address device

  • 1.  Clearpass - Profiling/Importing fixed ip address device

    Posted Sep 04, 2022 08:42 PM

    Hello everyone,

    We have a number of existing CCTVs currently with fixed IP addresses and would like to import them into ClearPass to set up MAC authentication with the switch user role.

    Just wondering if I can do a bulk import to the endpoints database without going through the device profiling.
    Can I categorize them or set up some attribute to mark those as "permitted known" devices?

    I believe device profiling is more suitable for new devices.
    However, I still want to put some control on the "unknown" devices so they will not be assigned to the same user role as the "known" devices automatically.

    Thanks in advance for any suggestions.


  • 2.  RE: Clearpass - Profiling/Importing fixed ip address device

    EMPLOYEE
    Posted Sep 04, 2022 10:58 PM
    Yes, you can import them through XML import.
    You can export one to see the XML-formatted file.


    https://www.arubanetworks.com/techdocs/ClearPass/6.9/PolicyManager/Content/CPPM_UserGuide/Admin/EndpointsHelp.html

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
    ------------------------------



  • 3.  RE: Clearpass - Profiling/Importing fixed ip address device

    Posted Sep 06, 2022 01:00 AM
    Thanks a lot, much appreciated.


  • 4.  RE: Clearpass - Profiling/Importing fixed ip address device

    Posted Sep 06, 2022 02:19 AM
    Hello,

    You can also use the Guest Devices repository, which is easy to manage and supports importing a CSV list.

    Another advantage of this method is that you can delegate device creation/import to a Guest Operator without giving full Policy Manager access.

    Regards

    Christian


  • 5.  RE: Clearpass - Profiling/Importing fixed ip address device

    Posted Sep 07, 2022 12:20 AM
    Good option! Thank you.
    Just wondering if we can profile the devices with ClearPass scanning only.


  • 6.  RE: Clearpass - Profiling/Importing fixed ip address device

    EMPLOYEE
    Posted Sep 07, 2022 04:24 AM
    Also be aware that we have a tool for converting CSV/TSV to XML to be imported into ClearPass endpoints:
    https://ase.arubanetworks.com/solutions/id/91




  • 7.  RE: Clearpass - Profiling/Importing fixed ip address device

    Posted Sep 07, 2022 08:16 PM
    That's a good tool. Thank you!


  • 8.  RE: Clearpass - Profiling/Importing fixed ip address device

    Posted Sep 13, 2022 03:08 AM
    It does not work. When the XML is populated with new MAC addresses that were never recognized by ClearPass before, the endpoint repository won't take it. Only MAC addresses are imported.


  • 9.  RE: Clearpass - Profiling/Importing fixed ip address device

    EMPLOYEE
    Posted Sep 13, 2022 05:03 AM
    Import through API or XML will not set profiling information. It does set the Known/Unknown status, and you can import attributes. The original question was just about setting the Known flag, which works. You may see expected behavior if you only set profiling data.

    Profiling data is what is discovered by the system, and may change if the device changes, so there is a design reason why you can't import profiling attributes.

    If you also want to set the device type, you could do that through a device attribute and test that in your policy; or as mentioned earlier use the Guest Device Database, which is similar on setting attributes but in a slightly different form. If you need to have non-admins manage the device registrations, using the Guest Device Database is probably the best option; if it is just admins or API access the Endpoint Database is a good choice.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 10.  RE: Clearpass - Profiling/Importing fixed ip address device

    Posted Sep 13, 2022 07:27 AM
    Hi Herman,

    Thanks for the reply once again.

    Can I say that Guest Device registration is actually a manual way of profiling?

    Yeah I found your YouTube video very helpful about setting the guest operator profiles.

    But I never explored the API myself. Does it require opening some ports in the firewall to allow traffic to ClearPass? What are the source and destination? Is it NAD to ClearPass, or from endpoint to ClearPass?