Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Mac address authentication in ClearPass

  • 1.  Mac address authentication in ClearPass

    Posted Nov 23, 2022 04:23 AM
    Is there any limit as to how many MAC addresses I can add to the ClearPass static host lists?
    Currently I have 46 MAC addresses added to the static host lists and I have more new devices to be added.


  • 2.  RE: Mac address authentication in ClearPass

    EMPLOYEE
    Posted Nov 23, 2022 09:51 AM
    I'm not aware of a limit in the number of devices in the static host list. Just be aware that the use of static host lists is not really recommended because these are not really flexible and the management is cumbersome. You could probably achieve the same with endpoint attributes in the endpoint database.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Mac address authentication in ClearPass

    Posted Nov 23, 2022 10:10 AM
    What is the endpoint database?


  • 4.  RE: Mac address authentication in ClearPass

    EMPLOYEE
    Posted Nov 23, 2022 10:28 AM
    The Endpoints Database is where all of the MAC addresses seen by ClearPass are stored.


    ------------------------------
    Herman Robers
    ------------------------------



  • 5.  RE: Mac address authentication in ClearPass

    Posted Nov 24, 2022 02:10 AM
    Do I need to make any changes in order for endpoint attributes to work?


  • 6.  RE: Mac address authentication in ClearPass

    EMPLOYEE
    Posted Nov 24, 2022 02:35 AM
    As mentioned earlier, the endpoint DB will have all the MAC addresses and profiling information for any device that does MAC auth. You can also add manual attributes to it or use enforcement profiles to update an attribute based on your policy.
    To make use of any endpoint attributes, you need to check for them in role mapping or in your enforcement policy.
    https://www.arubanetworks.com/techdocs/ClearPass/6.11/PolicyManager/Content/CPPM_UserGuide/Admin/EndpointsHelp.html

    Now for MAC auth: when you configure the service, by default the endpoint DB is used as the auth source. It will look for the endpoint attribute "status"; if it is known, it will pass the MAC auth. If status=unknown, then you can use that and redirect to a captive portal (as an example).

    You don't need to reorder anything in the endpoint DB, but if you want to use it for the MAC auth service, then you need to add it as an auth source; then you can make use of any of its attributes in your enforcement policy and role mapping logic.

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
    ------------------------------
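
An added example, not part of the thread and not ClearPass code: one way to turn an existing static host list into endpoint records marked Known and tagged with an attribute that role mapping or enforcement policy can check. The record field names (`mac_address`, `status`, `attributes`), the attribute names `Device-Group` and `Review`, and the sample addresses are assumptions; check the field names against the endpoint import format of your ClearPass version.

```python
import json
import re

HEX12 = re.compile(r"^[0-9a-f]{12}$")

def normalize_mac(raw):
    """Return the MAC as 12 lowercase hex digits, or raise ValueError."""
    mac = re.sub(r"[\s:.\-]", "", raw).lower()
    if not HEX12.match(mac):
        raise ValueError(f"not a MAC address: {raw!r}")
    if int(mac[:2], 16) & 0x01:
        # Group (multicast/broadcast) addresses never identify one device.
        raise ValueError(f"group address, not a device: {raw!r}")
    return mac

def is_locally_administered(mac):
    """True for randomized/private MACs, which make poor static identities."""
    return bool(int(mac[:2], 16) & 0x02)

def build_endpoint_records(host_list, group):
    """Convert a static host list into endpoint records plus a reject list."""
    records, rejected, seen = [], [], set()
    for raw in host_list:
        try:
            mac = normalize_mac(raw)
        except ValueError as exc:
            rejected.append(str(exc))
            continue
        if mac in seen:
            # Same device written in a different notation.
            rejected.append(f"duplicate: {raw!r}")
            continue
        seen.add(mac)
        attrs = {"Device-Group": group}  # hypothetical attribute name
        if is_locally_administered(mac):
            attrs["Review"] = "locally-administered MAC"  # hypothetical flag
        records.append({"mac_address": mac, "status": "Known", "attributes": attrs})
    return records, rejected

# Constructed sample host list: mixed notations, a duplicate, a private MAC,
# the broadcast address and a truncated entry.
SAMPLE = ["00:1A:2B:3C:4D:5E", "001a.2b3c.4d5e", "02-00-00-AA-BB-CC",
          "FF:FF:FF:FF:FF:FF", "00:1A:2B:3C:4D"]

if __name__ == "__main__":
    recs, bad = build_endpoint_records(SAMPLE, "printers")
    print(json.dumps(recs, indent=2))
    print("rejected:", bad)
```
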



  • 7.  RE: Mac address authentication in ClearPass

    MVP EXPERT
    Posted Nov 24, 2022 04:01 AM
    Well, after adding your attribute you'll need to check it exists and has an appropriate value as part of your auth process.
    A