Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Filtering static endpoints?

  • 1.  Filtering static endpoints?

    Posted Aug 29, 2019 06:19 AM

    In CPPM 6.7, is it possible to filter known static endpoints so that they don't consume an endpoint licence? We are licenced for 2500 endpoints but if we enable port security on all of our switches we could potentially have 1500 IP phones, 900 Wyse terminals and around 200 Xerox MFDs trying to get authed.

    It doesn't give us any room for the Windows endpoints that we are really interested in.



  • 2.  RE: Filtering static endpoints?
    Best Answer

    EMPLOYEE
    Posted Aug 29, 2019 08:37 AM

    No. Why would these be exempt from licensing?



  • 3.  RE: Filtering static endpoints?

    Posted Aug 29, 2019 09:02 AM

    I get where you are coming from Tim, it may seem like a silly question but as they are "static" we aren't really interested in them once they are authed. We are more interested in non-company devices trying to connect.

     

    A simpler solution may be to turn off mac-auth altogether (just allow headless devices) and just use dot1x.

     

    Thanks for the reply.



  • 4.  RE: Filtering static endpoints?

    EMPLOYEE
    Posted Aug 29, 2019 09:07 AM

    Static and IoT devices pose the greatest risk to enterprise networks. CPPM and network policy isn't about just getting the device onto the network, it's having a mechanism to get it off the network.