Security

Hi Everyone,

I am having some performance issues in the Static host lists page. I have tried to import the static host list, but it takes a very long time. I have about 20,000 hosts I need to add MAC for, and when I try to import the webUI hangs for about 5-10 minutes. The list imports quick, but then the page will not refresh.

Eventually it refreshes, and I see the list is there. However again when I click on it, I get the spinning icon in the top right, and I have to wait 5 minutes for the list to show up.

Once it shows I can see all the devices.

However every time I go back to the SHL page it takes 5 minutes for the lists to show, and another 5 minutes when I click on a list to edit it. If the helpdesk team needs to wait this long for every call to add a MAC it will become a pain.

Has anyone else experienced this issue? Is there a fix or do I need to call TAC? I have been told there is no limit to the size of static host lists, nor is there a performance impact for large lists. Is this true?

Thanks for any info you can provide

 

Edit: I also noticed when i go to the Authentication > Sources > Static-Host-List source and try to add it, it takes long for the drop down to show with the lists...

 

_ELiasz

Honestly, the static hosts list was not designed for large-scale use.  The endpoints database  guest repository is designed and scaled for that.  It is entirely possible and likely that the static host list was not tested for more than a few thousand entries. It is also difficult to find, edit and delete devices in the static host list.  It was not really designed for that scale.

 

I would seek to redesign what you are doing to work with the endpoints database guest repsitory, instead, because it is designed to manage those numbers you need.

To add, the scalable and user-friendly way for your helpdesk to add mac addresses to the endpoint database guest repository is the "create devices" dialog here:  http://www.arubanetworks.com/techdocs/ClearPass/CPGuest_UG_HTML_6.5/Default.htm#GuestManagement/MACCreationModes_Manually.htm

 

 

Thanks for the reply.

 

The endpoints are a good options, but it's more work to convert to the XML then add in a CSV to the XML for Static Host list.

 

I will look at that as an options, and we can use the ASE link here: https://ase.arubanetworks.com/solutions/id/91 to do the converstion. I can also use the perl script and share with the customer so they can create XML offline.

 

I will look at that option,

 

Thanks,

 

_ELiasz

I fully understand your position.  I just want to put you on the correct path moving forward.

Please leverage the Guest Device Repository for manually registering MAC
addresses.



The endpoint repository is not user facing and SHLs are designed for one
offs.

Would the Guest Device Repo required Guest License? This is for wired MAC auth form cisco switch. I think the Endpoints Database would be the best place, and helpdesk can add devices there.

 

I will also share the perl script with the customer so they can convert larger CSV lists to the XMl and import.

Thanks

 

_ELiasz

 

No guest licenses are required for device registrations.



It's recommended to use the guest device repository if anyone other than an
admin needs to make changes to endpoints. The endpoint repository is not
designed for constant changes by users.

I misspoke and corrected my original posts.  It should go into the guest repository.  Everything else is true.

No guest licenses required to use the Guest Repo? Helpdesk has privilages to edit the Endpoints database, any reason to not use that?

 

_ELiasz