Been looking at using endpoint profile data to auto allow certain devices to get limited connectivity... ie game consoles/printers etc without user intervention/registration
dhcp fingerprinting is enough for some devices , ie a 3ds
but playing with an amazon echo.... initially it is picked up as generic android device.
I know they'll eventually get profiled as home av/amazon/echo - assuming clearpass gets info from http headers etc.... so then is there a general provisioning role I can put devices in for ....1...5... or 10 minutes where they should have been fully profiled. Does the provisioning role need to have any access - or just a http(s) redirect so clearpass can see any http(s) traffic it attempts and use that for fingerprinting a more specific profile?
Anyone doing anything like this with devices that need more than dhcp fingerprint to be fully identified? what device and what have you found is required for full identification?
or is this a fool's quest and I need to get back to working on MacTrac