Occasional Contributor I

Urgent Help needed with Clearpass Device Profiling and Onboard

Hi Guys 

I need urgent help with ClearPass Profiling and Onboard.

 

Customer Requirements:

 

1. One SSID (Vlab_Corp)

2. Contractor1 user logs in with Dot1x credentials and authenticates against AD to get access

3. After Contractor1 is authenticated, his device status is profiled and listed as unknown

4. Based on Unknown status, Contractor1 is dynamically moved to the Onboarding VLAN, e.g. (70)

5. Contractor1 goes through the onboarding process

6. Onboarding finishes, and Device Profile status should change to known

7. Based on Known status, Contractor1 is dynamically moved to the Contractor VLAN and the Contractor role is also assigned

 

I’m stuck on Point 6 onwards

Can anyone advise how to trigger an Endpoint Status after the onboarding process is completed, so the Contractor can be assigned a role and VLAN based on Known status?

 

Please Help

 

Regards

Jack

 

 

Guru Elite

Re: Urgent Help needed with Clearpass Device Profiling and Onboard

Couple of comments:


1. Known vs Unknown is not based on profiling
2. You should use dual SSID Onboard (guest network + secure)
3. It is never recommended to change VLANs on the fly
4. You can add [Update Endpoint Known] to your Onboard Authorization service.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.

Occasional Contributor I

Re: Urgent Help needed with Clearpass Device Profiling and Onboard

Hi Tim

Thanks for a quick response.

I know I should be using 2x SSIDs, however this is one of the customer's core requirements.

I've tried to add Update Endpoint status to the Onboard service, but it didn't change the status after onboard was completed.

What I need to do is to redirect the Contractor1 user to the onboarding portal, and after onboarding is successful he should get a contractor role and VLAN.

Are there any other ways to achieve this on a single SSID?