I have a question about the Endpoint Repository database. In my CPPM I have this type of condition for my printers:
AFAIK, for the printer to be authenticated, it should be in the Endpoints Repository, but the documentation says "ClearPass Policy Manager automatically lists all the endpoints that are authenticated in the Configuration > Identity > Endpoints page". Then, CPPM adds the printer to the Endpoints Repository if it is authenticated, but for the printer to be authenticated it should be in the Endpoints Repository (Authorization:Sources EQUALS [Endpoints Repository]). What is first? Am I missing something?
The trick would be to place unknown devices in a network segment where they can be profiled, and after that be placed in the final role.
Think this video or the videos #4 or #5 after that show that concept.
What wonderful videos! Much clearer after seeing those videos. Then, I see the documentation is not completely correct since CPPM lists all the devices it sees in the endpoints database, and not only the devices that have been authenticated. For example, in the first video the Instant AP doesn't do any authentication, and it is listed in the endpoints database.
One doubt, my printers and VoIP phones have static IP addresses and don't do DHCP requests. Then how can I get them profiled? Only with their MAC? Thanks in advance.
You may have results by querying the LLDP/CDP tables from your switches, or running SNMP scans on the devices, but if the device has static IP it's somewhat harder to get quick and accurate profiling. If you know the MAC addresses, you can add them to the Endpoint database with an attribute, or profile based on the MAC-prefix. If possible, I would move to DHCP (and use reservations if the clients need a fixed IP).
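The MAC-prefix approach from the reply above, as an added example that is not part of the original thread and is not ClearPass code: it normalizes an inventory of static-IP device MACs, assigns a category by prefix, and sets aside addresses where a prefix match cannot be trusted. The prefix table, the `device_category` attribute name, the record layout and the sample MACs are all assumptions constructed for illustration.

```python
import re

# Constructed prefix table: placeholder OUIs and categories, not real vendor assignments.
OUI_CATEGORIES = {
    "001122": "Printer",
    "00AABB": "VoIP Phone",
}

def normalize_mac(raw):
    """Return 12 uppercase hex digits, or None if raw is not a valid MAC."""
    digits = re.sub(r"[.:\-\s]", "", raw).upper()
    return digits if re.fullmatch(r"[0-9A-F]{12}", digits) else None

def classify(raw):
    """Map one MAC to a hypothetical endpoint record with a category attribute."""
    mac = normalize_mac(raw)
    if mac is None:
        return {"mac": raw, "status": "rejected", "reason": "malformed MAC"}
    first_octet = int(mac[:2], 16)
    if first_octet & 0x01:
        return {"mac": mac, "status": "rejected", "reason": "multicast address"}
    if first_octet & 0x02:
        # Locally administered MACs carry no vendor OUI, so a prefix match means nothing.
        return {"mac": mac, "status": "review", "reason": "locally administered"}
    category = OUI_CATEGORIES.get(mac[:6])
    if category is None:
        return {"mac": mac, "status": "review", "reason": "unknown prefix"}
    return {"mac": mac, "status": "known", "attributes": {"device_category": category}}

def build_import(inventory):
    """Classify an inventory, dropping duplicate MACs after normalization."""
    seen, records = set(), []
    for raw in inventory:
        rec = classify(raw)
        if rec["mac"] in seen:
            continue
        seen.add(rec["mac"])
        records.append(rec)
    return records

# Constructed sample inventory of static-IP devices, in mixed notations.
SAMPLE = ["00:11:22:33:44:55", "0011.2233.4455", "00-aa-bb-01-02-03",
          "02:00:5e:10:00:01", "01:00:5e:00:00:fb", "00:de:ad:be:ef:01", "not-a-mac"]

if __name__ == "__main__":
    for record in build_import(SAMPLE):
        print(record)
```

Records with status `review` are the ones to check by hand before they are given a role, since a prefix alone identifies a vendor block and not a specific device.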