Security

last person joined: 18 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Set endpoint attribute during onboard

This thread has been viewed 0 times

  • 1.  Set endpoint attribute during onboard

    Posted Dec 17, 2017 05:18 AM

    Hi community,

     

    Is it possible to set an endpoint attribute during the onboard process of that endpoint (for example, set endpoint's username equals to the user that is onboarding)? I want to use that attribute for enforcement decision later when the endpoint does 802.1X authentication to the wireless network.

     

    Please give me some advice.

     

    Thank you,

     

     



  • 2.  RE: Set endpoint attribute during onboard

    EMPLOYEE
    Posted Dec 17, 2017 06:12 PM
    Yes, you can. Use a ClearPass Enttity Update enforcement profile.


  • 3.  RE: Set endpoint attribute during onboard

    Posted Dec 17, 2017 11:41 PM

    Hi Tim,

     

    It didn't work though I can see the status was ACCEPT. Below is my configuration and the log messages:

     

    1.PNG

     

    2.PNG

     

    3.PNG

     

    4.PNG

     

    5.PNG

     

    Could you please verify if this is a valid configuration? I guess the profile was not applied due to no End-Host Identifier available during onboard.

     

    Thank you,