Security

hi Airheads,

basic question coming up !!

in the endpoints repository on Clearpass, the act of making an endpoint known can only be triggered:-

1. by enforcement policy ?
2. By manually going into the specific endpoint and changing from unknown (default) to known ?

thanks

Peter

hi Airheads,

basic question coming up !!

in the endpoints repository on Clearpass, the act of making an endpoint known can only be triggered:-

1. by enforcement policy ?
2. By manually going into the specific endpoint and changing from unknown (default) to known ?

thanks

Peter

 Those are the two usual methods, yes.  Can probably also use API but I've never looked for that.

------------------------------
Carson Hulcher, ACEX#110

Original Message:
Sent: Aug 01, 2024 04:18 AM
From: peter.elms
Subject: known endpoints

hi Airheads,

basic question coming up !!

in the endpoints repository on Clearpass, the act of making an endpoint known can only be triggered:-

1. by enforcement policy ?
2. By manually going into the specific endpoint and changing from unknown (default) to known ?

thanks

Peter

You can just post the below JSON to the endpoint "/endpoint" for API:

{
  "mac_address": "00:00:00:00:00:00", - Example MAC 
  "status": "Known"
}

Thanks,

Original Message:
Sent: Aug 01, 2024 10:09 AM
From: chulcher
Subject: known endpoints

 Those are the two usual methods, yes.  Can probably also use API but I've never looked for that.

------------------------------
Carson Hulcher, ACEX#110

Original Message:
Sent: Aug 01, 2024 04:18 AM
From: peter.elms
Subject: known endpoints

hi Airheads,

basic question coming up !!

in the endpoints repository on Clearpass, the act of making an endpoint known can only be triggered:-

1. by enforcement policy ?
2. By manually going into the specific endpoint and changing from unknown (default) to known ?

thanks

Peter

thanks to all answers coming back,

because i'm making some policy decisions based on known endpoints i wanted to make sure the defult state is unknown regardless of authentication and that the only way the endpoint known\unknown status can change is by methods i've outlined.

cheers again

Peter

You can just post the below JSON to the endpoint "/endpoint" for API:

{
  "mac_address": "00:00:00:00:00:00", - Example MAC 
  "status": "Known"
}

Thanks,

Original Message:
Sent: Aug 01, 2024 10:09 AM
From: chulcher
Subject: known endpoints

 Those are the two usual methods, yes.  Can probably also use API but I've never looked for that.

------------------------------
Carson Hulcher, ACEX#110

Original Message:
Sent: Aug 01, 2024 04:18 AM
From: peter.elms
Subject: known endpoints

hi Airheads,

basic question coming up !!

in the endpoints repository on Clearpass, the act of making an endpoint known can only be triggered:-

1. by enforcement policy ?
2. By manually going into the specific endpoint and changing from unknown (default) to known ?

thanks

Peter

Would not recommend using Known for policy.

Known vs Unknown has two main purposes:

1. Filtering for endpoint cleanup
2. A MAC auth service (not Allow All MAC Auth) - Known is allowed, Unknown is denied

You should be using some other process/information/tag/etc. for authorization.  If you are needing to authorize specific MAC address, use the Device Repository and assign a role or custom fields.

thanks to all answers coming back,

because i'm making some policy decisions based on known endpoints i wanted to make sure the defult state is unknown regardless of authentication and that the only way the endpoint known\unknown status can change is by methods i've outlined.

cheers again

Peter

You can just post the below JSON to the endpoint "/endpoint" for API:

{
  "mac_address": "00:00:00:00:00:00", - Example MAC 
  "status": "Known"
}

Thanks,

Original Message:
Sent: Aug 01, 2024 10:09 AM
From: chulcher
Subject: known endpoints

 Those are the two usual methods, yes.  Can probably also use API but I've never looked for that.

------------------------------
Carson Hulcher, ACEX#110

Original Message:
Sent: Aug 01, 2024 04:18 AM
From: peter.elms
Subject: known endpoints

hi Airheads,

basic question coming up !!

in the endpoints repository on Clearpass, the act of making an endpoint known can only be triggered:-

1. by enforcement policy ?
2. By manually going into the specific endpoint and changing from unknown (default) to known ?

thanks

Peter

thanks Carson,

the customer has a PSK SSID and MAC-AUTH (allow ALL MAC-AUTH method) , this is because of limitations on clients (can't do 802.1x).

I suggested doing STATIC host list but they like the idea of seeing the endpoint and allowing them on by clicking known from a default status of unknown.

I said not ideal but yes it should work providing known endpoint cleanup interval is set to 0 and we have a policy to disallow "unknown" endpoints and allow "known".

cheers

Pete

Would not recommend using Known for policy.

Known vs Unknown has two main purposes:

1. Filtering for endpoint cleanup
2. A MAC auth service (not Allow All MAC Auth) - Known is allowed, Unknown is denied

You should be using some other process/information/tag/etc. for authorization.  If you are needing to authorize specific MAC address, use the Device Repository and assign a role or custom fields.

thanks to all answers coming back,

because i'm making some policy decisions based on known endpoints i wanted to make sure the defult state is unknown regardless of authentication and that the only way the endpoint known\unknown status can change is by methods i've outlined.

cheers again

Peter

You can just post the below JSON to the endpoint "/endpoint" for API:

{
  "mac_address": "00:00:00:00:00:00", - Example MAC 
  "status": "Known"
}

Thanks,

Original Message:
Sent: Aug 01, 2024 10:09 AM
From: chulcher
Subject: known endpoints

 Those are the two usual methods, yes.  Can probably also use API but I've never looked for that.

------------------------------
Carson Hulcher, ACEX#110

Original Message:
Sent: Aug 01, 2024 04:18 AM
From: peter.elms
Subject: known endpoints

hi Airheads,

basic question coming up !!

in the endpoints repository on Clearpass, the act of making an endpoint known can only be triggered:-

1. by enforcement policy ?
2. By manually going into the specific endpoint and changing from unknown (default) to known ?

thanks

Peter

Hi Peter,

I would strongly suggest you use the guest device repository and then you will be able to create custom forms to allow or disallow devices. It is a lot more user friendly and reliable. I would auto register the devices in the repository and add an allow feature / blacklist feature.

Thanks,

thanks Carson,

the customer has a PSK SSID and MAC-AUTH (allow ALL MAC-AUTH method) , this is because of limitations on clients (can't do 802.1x).

I suggested doing STATIC host list but they like the idea of seeing the endpoint and allowing them on by clicking known from a default status of unknown.

I said not ideal but yes it should work providing known endpoint cleanup interval is set to 0 and we have a policy to disallow "unknown" endpoints and allow "known".

cheers

Pete

Would not recommend using Known for policy.

Known vs Unknown has two main purposes:

1. Filtering for endpoint cleanup
2. A MAC auth service (not Allow All MAC Auth) - Known is allowed, Unknown is denied

You should be using some other process/information/tag/etc. for authorization.  If you are needing to authorize specific MAC address, use the Device Repository and assign a role or custom fields.

thanks to all answers coming back,

because i'm making some policy decisions based on known endpoints i wanted to make sure the defult state is unknown regardless of authentication and that the only way the endpoint known\unknown status can change is by methods i've outlined.

cheers again

Peter

You can just post the below JSON to the endpoint "/endpoint" for API:

{
  "mac_address": "00:00:00:00:00:00", - Example MAC 
  "status": "Known"
}

Thanks,

Original Message:
Sent: Aug 01, 2024 10:09 AM
From: chulcher
Subject: known endpoints

 Those are the two usual methods, yes.  Can probably also use API but I've never looked for that.

------------------------------
Carson Hulcher, ACEX#110

Original Message:
Sent: Aug 01, 2024 04:18 AM
From: peter.elms
Subject: known endpoints

hi Airheads,

basic question coming up !!

in the endpoints repository on Clearpass, the act of making an endpoint known can only be triggered:-

1. by enforcement policy ?
2. By manually going into the specific endpoint and changing from unknown (default) to known ?

thanks

Peter

thanks Ben,

definitely worth a look.

cheers

Peter

Hi Peter,

I would strongly suggest you use the guest device repository and then you will be able to create custom forms to allow or disallow devices. It is a lot more user friendly and reliable. I would auto register the devices in the repository and add an allow feature / blacklist feature.

Thanks,

thanks Carson,

the customer has a PSK SSID and MAC-AUTH (allow ALL MAC-AUTH method) , this is because of limitations on clients (can't do 802.1x).

I suggested doing STATIC host list but they like the idea of seeing the endpoint and allowing them on by clicking known from a default status of unknown.

I said not ideal but yes it should work providing known endpoint cleanup interval is set to 0 and we have a policy to disallow "unknown" endpoints and allow "known".

cheers

Pete

Would not recommend using Known for policy.

Known vs Unknown has two main purposes:

1. Filtering for endpoint cleanup
2. A MAC auth service (not Allow All MAC Auth) - Known is allowed, Unknown is denied

You should be using some other process/information/tag/etc. for authorization.  If you are needing to authorize specific MAC address, use the Device Repository and assign a role or custom fields.

thanks to all answers coming back,

because i'm making some policy decisions based on known endpoints i wanted to make sure the defult state is unknown regardless of authentication and that the only way the endpoint known\unknown status can change is by methods i've outlined.

cheers again

Peter

You can just post the below JSON to the endpoint "/endpoint" for API:

{
  "mac_address": "00:00:00:00:00:00", - Example MAC 
  "status": "Known"
}

Thanks,

Original Message:
Sent: Aug 01, 2024 10:09 AM
From: chulcher
Subject: known endpoints

 Those are the two usual methods, yes.  Can probably also use API but I've never looked for that.

------------------------------
Carson Hulcher, ACEX#110

Original Message:
Sent: Aug 01, 2024 04:18 AM
From: peter.elms
Subject: known endpoints

hi Airheads,

basic question coming up !!

in the endpoints repository on Clearpass, the act of making an endpoint known can only be triggered:-

1. by enforcement policy ?
2. By manually going into the specific endpoint and changing from unknown (default) to known ?

thanks

Peter

thanks Ben,

definitely worth a look.

cheers

Peter

Hi Peter,

I would strongly suggest you use the guest device repository and then you will be able to create custom forms to allow or disallow devices. It is a lot more user friendly and reliable. I would auto register the devices in the repository and add an allow feature / blacklist feature.

Thanks,

thanks Carson,

the customer has a PSK SSID and MAC-AUTH (allow ALL MAC-AUTH method) , this is because of limitations on clients (can't do 802.1x).

I suggested doing STATIC host list but they like the idea of seeing the endpoint and allowing them on by clicking known from a default status of unknown.

I said not ideal but yes it should work providing known endpoint cleanup interval is set to 0 and we have a policy to disallow "unknown" endpoints and allow "known".

cheers

Pete

Would not recommend using Known for policy.

Known vs Unknown has two main purposes:

1. Filtering for endpoint cleanup
2. A MAC auth service (not Allow All MAC Auth) - Known is allowed, Unknown is denied

You should be using some other process/information/tag/etc. for authorization.  If you are needing to authorize specific MAC address, use the Device Repository and assign a role or custom fields.

thanks to all answers coming back,

because i'm making some policy decisions based on known endpoints i wanted to make sure the defult state is unknown regardless of authentication and that the only way the endpoint known\unknown status can change is by methods i've outlined.

cheers again

Peter

You can just post the below JSON to the endpoint "/endpoint" for API:

{
  "mac_address": "00:00:00:00:00:00", - Example MAC 
  "status": "Known"
}

Thanks,

Original Message:
Sent: Aug 01, 2024 10:09 AM
From: chulcher
Subject: known endpoints

 Those are the two usual methods, yes.  Can probably also use API but I've never looked for that.

------------------------------
Carson Hulcher, ACEX#110

Original Message:
Sent: Aug 01, 2024 04:18 AM
From: peter.elms
Subject: known endpoints

hi Airheads,

basic question coming up !!

in the endpoints repository on Clearpass, the act of making an endpoint known can only be triggered:-

1. by enforcement policy ?
2. By manually going into the specific endpoint and changing from unknown (default) to known ?

thanks

Peter