Security

Reply
Highlighted
New Contributor

CLEARPASS Network Devices Attributes

Hello,

 

I know it is possible to use Device Attributes in a Service Rule,

 

But we also would like to use NAD Device Attribute values in an Enforcement profile

 

The question is: is this possible?

And if this is possible how can we get access to these atributes

 

Highlighted
Aruba Employee

Re: CLEARPASS Network Devices Attributes

The NAD "attributes" appear in the AccessTracker event's Input-->Computed section. In my example I have Device:Device Type, Device: Device Vendor and Device:Location. I believe these can be referenced using %{Device:Location}. Hence, you should be able to use these to differentiate the policy assigned to say a 2930 switch v CX.

Annoyingly the Vendor information is not natively available. Though it shouldn't be too hard to use the XML to add attributes.

 

Highlighted
Frequent Contributor II

Re: CLEARPASS Network Devices Attributes

You can always add your own device attribute to use for enforcement. You can also define your own Device attribute by going to Administration > Dictionaries > Dictionary Attributes. Click on add new, choose a Entity type of device, and choose a Data Type of String. Name your attribute, and then click Add. See attached screen shots.

Dustin Burns
Senior Mobility and Access Engineer @WEI
ACMX#509 | ACCP | ACSA | CCNP | CCDP | CCNA Wireless
Highlighted
New Contributor

Re: CLEARPASS Network Devices Attributes

Got it, thanx!

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: