Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass Guest does not prevent any existing mac-address in the import list from being imported

  • 1.  Clearpass Guest does not prevent any existing mac-address in the import list from being imported

    Posted May 07, 2014 04:54 PM

    Within Clearpass Guest, devices can be added for mac-address authentication.

    If adding manually, an error message 'duplicate address' is displayed and the device is not added.

    If importing devices, any existing mac-address and associated data (e.g. Sponsor) is overwritten with the imported data.

    I cannot find a way in which to import only new mac-addresses.



  • 2.  RE: Clearpass Guest does not prevent any existing mac-address in the import list from being imported

    EMPLOYEE
    Posted May 07, 2014 05:01 PM
    The ClearPass API and import functions are destructive and delete and then
    re-add existing entries with the new data.


  • 3.  RE: Clearpass Guest does not prevent any existing mac-address in the import list from being imported

    Posted May 07, 2014 05:15 PM

    Thanks for the quick response.

    The data for mac-addresses will be coming from several sources and I am hoping to keep any manually added ones from being overwritten with parameters from the other sources that will be part of the import.  Yep, I know I can do the import and it will be destructive, but if this cannot be done, I will need to look into scripting something to export existing data from Guest, do a compare to exclude duplicates and then import only the new ones; all a bit messy and not intuitive for likely users of Clearpass Guest.



  • 4.  RE: Clearpass Guest does not prevent any existing mac-address in the import list from being imported

    EMPLOYEE
    Posted May 07, 2014 06:15 PM
    There is an open feature request for merge functionality on imports. I
    don't have the link right now but you can find it on the idea portal.


  • 5.  RE: Clearpass Guest does not prevent any existing mac-address in the import list from being imported
    Best Answer

    Posted May 07, 2014 07:47 PM

    Thanks for your help.

    Your input has confirmed that there isn't anything I had missed; at least until a new version of software provides this functionality in the future.



  • 6.  RE: Clearpass Guest does not prevent any existing mac-address in the import list from being imported
    Best Answer

    Posted Jun 06, 2014 11:55 AM

    Finally resolved this issue.

    Root cause is the imported data had an invalid IP address, where one of the fields had a leading zero.

    Instead of 10.100.20.9, the entry had 10.100.20.09

    If this line was removed from the import data, all other imports were successful.

    When the invalid IP was attempted to be imported, Clearpass fails to authenticate all VCs.  There is nothing in the Access Tracker.

    Resolution is to delete the device that was imported wrong and reboot CPPM.
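
The export, compare and import-only-new workflow described in post 3, combined with a check for the leading-zero IP address from post 6, as an added example that is not part of the original thread and is not ClearPass code. The column names `mac` and `ip_address`, the CSV layout and the sample rows are assumptions; adjust them to the actual export format.

```python
import csv
import io
import re

def normalize_mac(raw):
    """Return 12 lowercase hex digits, or None if raw is not a MAC address."""
    digits = re.sub(r"[-:.\s]", "", raw or "").lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def valid_ipv4(text):
    """Strict dotted quad: four octets, 0-255, no leading zeros."""
    parts = text.split(".")
    return len(parts) == 4 and all(
        re.fullmatch(r"0|[1-9][0-9]{0,2}", p) and int(p) <= 255 for p in parts
    )

def filter_import(existing_csv, import_csv, mac_col="mac", ip_col="ip_address"):
    """Split import rows into (new, skipped); each skipped row carries a reason."""
    existing = {normalize_mac(r[mac_col])
                for r in csv.DictReader(io.StringIO(existing_csv))}
    new, skipped = [], []
    for row in csv.DictReader(io.StringIO(import_csv)):
        mac = normalize_mac(row.get(mac_col))
        ip = (row.get(ip_col) or "").strip()
        if mac is None:
            skipped.append((row, "invalid MAC"))
        elif mac in existing:
            skipped.append((row, "already registered"))  # never overwrite
        elif ip and not valid_ipv4(ip):
            skipped.append((row, "invalid IP"))
        else:
            existing.add(mac)  # also drops duplicates inside the import itself
            new.append(row)
    return new, skipped

# Constructed sample data (assumed layout, not a real ClearPass export).
EXISTING = "mac,sponsor\n00-11-22-33-44-55,alice\n"
IMPORT = (
    "mac,ip_address,sponsor\n"
    "00:11:22:33:44:55,10.100.20.5,feed-a\n"    # already present, other notation
    "66:77:88:99:AA:BB,10.100.20.09,feed-b\n"   # leading zero in last octet
    "66:77:88:99:AA:CC,10.100.20.9,feed-b\n"    # new and valid
)

if __name__ == "__main__":
    new_rows, skipped_rows = filter_import(EXISTING, IMPORT)
    for row, reason in skipped_rows:
        print(f"skip {row['mac']}: {reason}")
    for row in new_rows:
        print(f"import {row['mac']}")
```

Only the rows returned in `new` would go into the import file; the skipped list gives the sponsor or operator a reason for each rejected entry.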