
What is the difference among endpoint repository, guest device and static host list?

  • 1.  What is the difference among endpoint repository, guest device and static host list?

    Posted Sep 20, 2018 10:18 AM

    Hi, if using MAC address authentication, I need to specify an authentication source. I see 3 local databases (guest device, endpoint repository and static host list) that can all support MAC authentication. What is the difference among them? Please advise, thanks in advance.



  • 2.  RE: What is the difference among endpoint repository, guest device and static host list?

    EMPLOYEE
    Posted Sep 20, 2018 10:35 AM
    Endpoint Repository is for system added/generated attributes.
    Guest Device Repository is for end user or admin device registration.
    Static Host List should only be used for things like MAC prefixes.


  • 3.  RE: What is the difference among endpoint repository, guest device and static host list?

    Posted Sep 20, 2018 10:51 AM

    Thanks for your kind reply.

    Is the endpoint repository automatically generated by ClearPass when it receives an authentication request? I can also manually add an endpoint; when should I set the status to "known" or "unknown"? Thanks.



  • 4.  RE: What is the difference among endpoint repository, guest device and static host list?

    EMPLOYEE
    Posted Sep 20, 2018 12:05 PM
    Yes, every endpoint that ClearPass sees will be added. Think of it as a system repository. Known/Unknown should only be used for cleanup purposes.


  • 5.  RE: What is the difference among endpoint repository, guest device and static host list?

    Posted Sep 20, 2018 10:46 AM

    Endpoint DB:
    The primary use is for devices that are dynamically profiled or authenticated by ClearPass. It also allows you to add custom attributes to the endpoints and use those for enforcement purposes.

    Guest Device DB:
    The primary use is to register devices using the devices' MAC addresses, and it gives you the ability to provide role-based access to users to register and manage their own devices.
    You can also add an expiration time and roles (tags) based on the use case.
    This is the recommended DB to register devices.

    Static Host List:
    Allows you to register/add devices using the devices' MAC addresses, but it doesn't allow you to add any context to those devices like expiration, name, roles, etc.




  • 6.  RE: What is the difference among endpoint repository, guest device and static host list?

    Posted Dec 30, 2018 09:13 AM

    Came across this older post as I'm wondering about the same thing. I have DHCP profiling enabled so most of the devices are already in the DB. I guess doing MAC auth also adds devices to the endpoints repository?

     

    I'm wondering if I can use the endpoint repository to also add devices manually from our CMDB? I'd like to pre-populate the endpoint repository with non-802.1X compliant printers/HVAC/security cameras before I enable authentication on the switch. Can I use the API to create endpoints in the endpoint repository, or should I use the guest repo? I guess I'd end up having devices in both DBs if I use the guest repo?



  • 7.  RE: What is the difference among endpoint repository, guest device and static host list?

    EMPLOYEE
    Posted Dec 30, 2018 11:12 AM
    If it's "machine data" (aka not being manually manipulated by a user), just use Endpoints. If it's an end user flow where users need to add, modify or delete device records, use Device Registration.
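
Added example, not part of the thread and not HPE Aruba code: a pre-import check for the CMDB case discussed in posts 6 and 7. It normalizes MAC addresses from a constructed CMDB export, rejects malformed, multicast and duplicate entries, and builds endpoint records carrying a custom attribute for enforcement. The record field names (`mac_address`, `description`, `attributes`) and the `CMDB Category` attribute are assumptions; check them against your ClearPass API documentation before sending anything.

```python
import csv, io, json, re

# Constructed sample CMDB export (not real data).
CMDB_CSV = """mac,name,category
00:1B:44:11:3A:B7,prn-floor2,printer
001b.4411.3ab7,prn-floor2-dup,printer
3C-52-82-AA-01-9F,cam-lobby,camera
01:00:5E:00:00:FB,bad-multicast,hvac
not-a-mac,typo-row,hvac
"""

HEX12 = re.compile(r"^[0-9a-f]{12}$")

def normalize_mac(raw):
    """Return 12 lowercase hex digits, or None if not a usable unicast MAC."""
    digits = re.sub(r"[:.\-\s]", "", raw).lower()
    if not HEX12.match(digits):
        return None
    # Group bit set in the first octet means multicast/broadcast,
    # which can never identify a single device on the allow list.
    if int(digits[:2], 16) & 1:
        return None
    return digits

def build_endpoint_records(csv_text):
    """Turn CMDB rows into endpoint records; return (records, rejected_names)."""
    records, rejected, seen = [], [], set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        mac = normalize_mac(row["mac"])
        if mac is None or mac in seen:   # malformed, multicast, or duplicate
            rejected.append(row["name"])
            continue
        seen.add(mac)
        records.append({
            # Field names are assumptions, not taken from the thread.
            "mac_address": mac,
            "description": row["name"],
            "attributes": {"CMDB Category": row["category"]},
        })
    return records, rejected

if __name__ == "__main__":
    recs, bad = build_endpoint_records(CMDB_CSV)
    print(json.dumps(recs, indent=2))
    print("rejected:", bad)
```

Reviewing the rejected list before import keeps typos and duplicate CMDB rows from becoming MAC authentication entries that nobody owns.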