Security

 View Only

  • 1.  Endpoint attribute tag

    Posted Jul 29, 2019 11:00 AM
    I am using an endpoint tag to update all endpoint with tag Corporate.

    I can see this tag on each endpoint hitting the configured rule .

    Is it possible to put a timer on this tag. So that it automatically gets deleted after few days ?

    Also is it possible to replace this tag with another tag Corporatenew . I don't want to add two tags . Just want to replace one with another. Is it doable ?


  • 2.  RE: Endpoint attribute tag

    Posted Jul 30, 2019 03:57 AM

    There is no attribute expiration built-in. What you could do is use a Time Source authorization server to put a timestamp as attribute next to the attribute itself with the desired expiration. Then during role-mapping (or even enforcement) you can check both the attribute and the timestamp, like: (Endpoint:Corporate exists) AND (Endpoint:CorporateExpire LESS THAN Time Source:Now).



  • 3.  RE: Endpoint attribute tag

    Posted Jul 30, 2019 11:50 AM
    Hi Herman,

    Thanks. Can you show the config screenshot please


  • 4.  RE: Endpoint attribute tag

    Posted Jul 31, 2019 03:36 AM

    I don't have a screenshot for that as the above are just guidance on how you could do it. Your Aruba ClearPass should be able to assist you in building and testing this. 



Related Content