Security

Reply
Highlighted
Frequent Contributor I

Entry license profiling and endpoint attributes

Hi, with Clearpass Entry license, profiling shouldn't be available. However, I've installed a CPPM with Entry license and I see the endpoints getting profiled and it's even possible to use profiling in services. Is this a functionaltiy that is yet to be dropped in a new sw version? I would like to know what endpoint attributes we would be able to use in the policy rules.

ACMX, ACDX, ACCP, MASE

Accepted Solutions
Highlighted
Super Contributor I

Re: Entry license profiling and endpoint attributes

The endpoints are not profiled, and will have basic information. See the attached images for what my iPad looks like, even with profiling configured correctly.

 

 

Dustin Burns
Senior Mobility and Access Engineer @WEI
ACMX#509 | ACCP | ACSA | ACDA | ACEA | CCNP | CCDP | CCNA Wireless

If my post address your queries, give kudos and accept as solution!

View solution in original post


All Replies
Highlighted
Super Contributor I

Re: Entry license profiling and endpoint attributes

True, entry should not allow TACACs, profiling, or 3rd party integration. Do you have some evaluation/demo licenses still active? 

 

 

Dustin Burns
Senior Mobility and Access Engineer @WEI
ACMX#509 | ACCP | ACSA | ACDA | ACEA | CCNP | CCDP | CCNA Wireless

If my post address your queries, give kudos and accept as solution!
Highlighted
Super Contributor I

Re: Entry license profiling and endpoint attributes

I also suppose you are at least on version 6.8 ?

 

 

Dustin Burns
Senior Mobility and Access Engineer @WEI
ACMX#509 | ACCP | ACSA | ACDA | ACEA | CCNP | CCDP | CCNA Wireless

If my post address your queries, give kudos and accept as solution!
Highlighted
Frequent Contributor I

Re: Entry license profiling and endpoint attributes

Yes, v 6.8. It's an Entry evaluation license. I have to make a services design, but I don't know which attributes will be available with Entry. That's why I installed this eval on a new test server. But I don't see any difference with Access licenses at the moment.

ACMX, ACDX, ACCP, MASE
Highlighted
Super Contributor I

Re: Entry license profiling and endpoint attributes

Do you have any other licenses active on the server? Is it using an Access license? Is this server part of a cluster that has Access licensing?

Dustin Burns
Senior Mobility and Access Engineer @WEI
ACMX#509 | ACCP | ACSA | ACDA | ACEA | CCNP | CCDP | CCNA Wireless

If my post address your queries, give kudos and accept as solution!
Highlighted
Frequent Contributor I

Re: Entry license profiling and endpoint attributes

Hi, no it's a new standalone eval server (VM) with only an eval platform license and eval Entry license.

 

Did you already install an Entry-licensed CPPM? I'd like to see how the endpoint entries look like and what is available for policy rules.

ACMX, ACDX, ACCP, MASE
Highlighted
Frequent Contributor I

Re: Entry license profiling and endpoint attributes

Did anyone actually install an Entry-licensed CPPM?

ACMX, ACDX, ACCP, MASE
Highlighted
Super Contributor I

Re: Entry license profiling and endpoint attributes

I have. And it works as advertised. You will get low level system profile information, but no full profiling. TACACS is not available, and I was not able to add an external context server. 

 

Maybe re-install the VM, and migrate the licenses over to it?

 

Also make sure to double check that you do not have any type of evaluation licenses installed when you begin testing.

 

 

Dustin Burns
Senior Mobility and Access Engineer @WEI
ACMX#509 | ACCP | ACSA | ACDA | ACEA | CCNP | CCDP | CCNA Wireless

If my post address your queries, give kudos and accept as solution!
Highlighted
Frequent Contributor I

Re: Entry license profiling and endpoint attributes

Ah ok nice. I installed a fresh CPPM with Entry eval only. Maybe eval Entry license are more like Access Licenses.

How do the endpoint entries look like? Do they have less fields or are the simply not fingerprinted automatically?

ACMX, ACDX, ACCP, MASE
Highlighted
Super Contributor I

Re: Entry license profiling and endpoint attributes

The endpoints are not profiled, and will have basic information. See the attached images for what my iPad looks like, even with profiling configured correctly.

 

 

Dustin Burns
Senior Mobility and Access Engineer @WEI
ACMX#509 | ACCP | ACSA | ACDA | ACEA | CCNP | CCDP | CCNA Wireless

If my post address your queries, give kudos and accept as solution!

View solution in original post

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: