Can anyone direct me on how to setup a service that will profile a device based on MAC OUI?
You can map OUI prefixes to ClearPass roles by using a role map. Example below:
Thanks Tim, is there a way to have the device profiled into the Identity Endpoints database with MAC OUI?
That is good to know that the MAC OUI alone cannot populate the profile info. I have a bunch of static IP device PLCs (Programmable Logic Controller) by a common vendor that need to be profiled immediately when the device connects to the network. I can't wait for an SNMP Poling cycle (6 hr) for CPPM to profile the device. After profiling the device and assigning it Role of PLC, I want to use MAC AUTH Service to assign appropriate network access (like, VLAN, dACL, etc...). How could this be accomplished?
Thanks for your help.
- Create a ClearPass TIPS role: DEVICE_PLC
(Configuration > Identity > Roles > Add)
- In your MAC-auth service, add the following rule to the role map:
- Then add a rule to your enforcement policy like belowreplacing the enforcement profile(s) with the appropriate action.
That worked. Thanks for the TIP!
Hello, I am also in the process of configuring DUR's based on OUI to auto configure different VLANs for printers, security cameras and BACNET devices. I attempted to build this using difference services for each of the categories though I cannot trigger service based on the device category or any other differentiating tag that I gave found. I s it better to just lump them all in to the same service, or is there a way to manually configure service triggers such as "Device Category"?
© Copyright 2023 Hewlett Packard Enterprise Development LPAll Rights Reserved.