Security

Reply
Contributor I

What is the difference among endpoint repository , guest device and static host list?

Hi, if using mac address authentication, and need to specify authentication source. I see  3 local databases (guest device, endpoint repository and static host list ) all can support mac authentication. What is the difference among them? Please advise, thanks in advance. 

Moderator

Re: What is the difference among endpoint repository , guest device and static host list?

Endpoint Repository is for system added/generated attributes.
Guest Device Repository is for end user or admin device registration.
Static Host List should only be used for things like MAC prefixes.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Highlighted
MVP Expert

Re: What is the difference among endpoint repository , guest device and static host list?

Endpoint DB:
The primary use is for devices that are dynamically profiled or authenticated by ClearPass and also allows you to add custom attributes to the endpoints and use those for enforcement purposes

Guest Device DB:
The primary use is to register devices using the devices mac addresses and gives you the availability to provide role based access to user to register and manage their own devices .
You can also add an expiration time , roles (tags) based on the use case.
This is the recommended DB to register devices

Static Host List:
Allows you to register/add devices using the devices mac addresses but it doesn’t allow you to add any context to those devices like expiration , name , roles, etc..

Sent from Mail for Windows 10

Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor I

Re: What is the difference among endpoint repository , guest device and static host list?

Thanks for your kind reply. 

Endpoint repository is automatically generated by Clearpass when it receive authentication request?  can also manually add endpoint , when should  set status "known"or ünknown" ?  Thanks. 

Moderator

Re: What is the difference among endpoint repository , guest device and static host list?

Yes, every endpoint that ClearPass sees will be added. Think of it as a system repository. Known/Unknown should only be used for cleanup purposes.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.

Re: What is the difference among endpoint repository , guest device and static host list?

Came across this older post as I'm wondering about the same thing. I have DHCP profiling enabled so most of the devices are already in the DB. I guess doing MAC auth also adds devices to the endpoints repository?

 

I'm wondering if I can use endpoint repository to also add devices manually from our CMDB? I'd like to pre populate the endpoint repository with non-802.1X compliant printers/hvac/security cameras before I enable authentication on the switch. Can I use API to create endpoints to endpoint repository or should I use guest repo? I guess I'd end up having devices in both DBs if I use guest repo?

Moderator

Re: What is the difference among endpoint repository , guest device and static host list?

If it's "machine data" (aka not being manually manipulated by a user), just use Endpoints. If it's an end user flow where users need to add, modify or delete device records, use Device Registration.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: