Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Limit the number of device per user

  • 1.  Limit the number of device per user

    Posted Aug 27, 2013 07:56 AM

    Hi,

     

    Is it possible to limit the number of devices with which a user can connect through ClearPass? I mean I would like a user to be able to connect with a maximum of 3 devices in a day with his account.

     

    Thanks

     

    Dimitri



  • 2.  RE: Limit the number of device per user

    MVP
    Posted Aug 27, 2013 11:01 AM

    Yes,

    In your enforcement profile (or role mapping policy) you can verify the unique device count from your endpoint repository.

     

    Authorization:[Endpoints Repository]:Unique-Device-Count  GREATER_THAN  3 -> deny access profile



  • 3.  RE: Limit the number of device per user

    Posted Aug 27, 2013 11:15 AM

    Sorry but I don't understand how to apply it to my service for Guest Access. Can you give me more details, thanks.

     

    Regards

     

    Dimitri



  • 4.  RE: Limit the number of device per user

    EMPLOYEE
    Posted Aug 27, 2013 11:34 AM
    If you run the service template guest with MAC access, it will create the service, and you can either use that one or copy the device limit to your existing service.


  • 5.  RE: Limit the number of device per user

    Posted Aug 27, 2013 11:46 AM

    Thanks, but I don't understand how to do this: copy the device limit to your existing service. Can you make me one or two screenshots of the procedure?

     

    Thanks again

     

    Dimitri



  • 6.  RE: Limit the number of device per user

    MVP
    Posted Aug 27, 2013 12:57 PM

    CPPM/tips - Configuration - Service Templates - Guest MAC Authentication

     

    Just fill in this template and the required services will be created automatically.

     

    One of the services will be something like "... Guest Access With MAC Caching"

    Go check the "role" tab and "Enforcement" tab of this service... there should be a condition like :

    Conditions: (Authorization:[Endpoints Repository]:Unique-Device-Count  GREATER_THAN  3)
    Role: [Deny Access Profile]

     

    That's the bit that denies access when more than 3 devices are already registered for this user.



  • 7.  RE: Limit the number of device per user

    EMPLOYEE
    Posted Aug 27, 2013 03:14 PM

    You will also need to add the insight repository to the authorization sources.

     

    [Screenshots: guestlimit2.png, guestlimit3.png, guestlimit.png]

     

     



  • 8.  RE: Limit the number of device per user

    Posted Aug 28, 2013 02:29 AM

    Thanks for all, but I still don't know how to add the Enforcement to my service. Can you just give some tips about how to do it?

     

    Thanks again

     

    Dimitri



  • 9.  RE: Limit the number of device per user

    EMPLOYEE
    Posted Aug 28, 2013 02:34 AM
    1. Add the endpoints repository to your authorization source.
    2. Add condition 1 in the last screenshot to your enforcement and make sure you choose evaluate all.


  • 10.  RE: Limit the number of device per user

    Posted Aug 28, 2013 02:41 AM

    1. Ok done

    2. Sorry, but how do I add the condition? I am a bit lost as to how the enforcement works.

     

    Thanks

     

    Dimitri



  • 11.  RE: Limit the number of device per user
    Best Answer

    EMPLOYEE
    Posted Aug 28, 2013 02:53 AM

    1. In your service you need to select the enforcement tab

    2. Click Modify

    3. Click on the Rules tab

    4. Add New rule

    5. Add the following condition

    6. Move the condition to the top

    7. Make sure you select first match

     

    CPPM will look in the endpoint repository to see how many devices the user has, and if it's more than you specify, it will deny access to that device. In my condition I limit each user to a max of 3 devices.

     

    screenshot_01 Aug. 28 01.43.gif
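
Added example (not part of the original thread and not ClearPass code): a simplified Python model of first-match rule evaluation, showing why steps 6 and 7 above put the device-limit rule at the top. The catch-all allow rule, its profile name and the fallback are assumptions; `Unique-Device-Count` is taken as an input here, not computed.

```python
# Simplified model of a first-match enforcement policy (illustrative only).
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List

Attrs = Dict[str, int]

DEVICE_LIMIT = 3                      # threshold used in the thread
DENY = "[Deny Access Profile]"        # profile named in the thread
ALLOW = "allow-guest (hypothetical)"  # assumed catch-all profile


@dataclass
class Rule:
    name: str
    condition: Callable[[Attrs], bool]
    profile: str


# Unique-Device-Count GREATER_THAN 3 -> deny
deny_over_limit = Rule(
    "device-limit", lambda a: a["Unique-Device-Count"] > DEVICE_LIMIT, DENY
)
# Assumed broader rule that matches every authenticated guest.
allow_guest = Rule("guest-allow", lambda a: True, ALLOW)


def first_match(rules: List[Rule], attrs: Attrs, default: str = DENY) -> str:
    """Return the profile of the first rule whose condition is true."""
    for rule in rules:
        if rule.condition(attrs):
            return rule.profile
    return default  # assumed fallback when nothing matches


def decisions(rules: List[Rule], counts: Iterable[int]) -> Dict[int, str]:
    """Evaluate the policy for each supplied device count."""
    return {n: first_match(rules, {"Unique-Device-Count": n}) for n in counts}


LIMIT_ON_TOP = [deny_over_limit, allow_guest]   # order from steps 6 and 7
LIMIT_BELOW = [allow_guest, deny_over_limit]    # limit rule never reached

if __name__ == "__main__":
    for label, rules in (("limit on top", LIMIT_ON_TOP),
                         ("limit below", LIMIT_BELOW)):
        print(label, decisions(rules, range(1, 6)))
```

With the limit rule on top, a count of 3 is still allowed and 4 is denied, because the condition is GREATER_THAN and not GREATER_THAN_OR_EQUALS; with the rule below the catch-all, no count is ever denied.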



  • 12.  RE: Limit the number of device per user

    Posted Aug 28, 2013 03:10 AM

    Thanks again, but after point 5, if I try to save the Rule, I get an error "No Enforcement Profiles are selected" and I don't know which one to select from the list.

     

    Dimitri



  • 13.  RE: Limit the number of device per user

    EMPLOYEE
    Posted Aug 28, 2013 03:15 AM

    Depending on the NAS device you are connecting through... most use a [Deny Access]

     

     

     

    screenshot_01 Aug. 28 02.08.gif



  • 14.  RE: Limit the number of device per user

    Posted Aug 28, 2013 03:24 AM

    Ok thanks. I am only using Aruba devices so I think I can use the default Deny Access Profile.

     

    I will try this and come back if I still have problems.

     

    Regards

     

    Dimitri



  • 15.  RE: Limit the number of device per user

    Posted May 17, 2016 06:06 AM

    Dear Mr. Tarnold,

     

    I have installed ClearPass and integrated it with AD, and I want to limit devices per user to a max of 1.

    Could you help me please ?

     

     

    Kindly need your help