Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

cannot fetch device category parameter

This thread has been viewed 4 times

  • 1.  cannot fetch device category parameter

    Posted Feb 12, 2015 11:32 PM

    Hi Guys,

    i'm testing a BYOD rule where i need to fetch a Device Category parameter from the endpoint repository. i used to get it successfully, but i dont what config i changed cause this parameter stop showing up on my access tracker.

    i already have Device Repository as one of the Auth source

    Authorization Source:
    [Endpoints Repository], [Onboard Devices Repository], SMIG_AD-GRESIK

    but the only authorization parameter i get from the input tab|Authorization in from my AD source.

    Authorization:SMIG_AD-GRESIK:Account Expires9223372036854775807 [30828-09-14 09:48:05 WIB]
    Authorization:SMIG_AD-GRESIK:memberOfCN=Administrators,CN=Builtin,DC=smig,DC=corp, CN=DnsAdmins,CN=Users,DC=smig,DC=corp, CN=Domain Admins,CN=Users,DC=smig,DC=corp, CN=Domain Controllers,CN=Users,DC=smig,DC=corp
    Authorization:SMIG_AD-GRESIK:NameCLEARPASS
    Authorization:SMIG_AD-GRESIK:UserDNCN=CLEARPASS,CN=Managed Service Accounts,DC=smig,DC=corp

    what am i missing here that caused no parameter from my endpoint shows up?

    thanks in advance.

    Ricky.



  • 2.  RE: cannot fetch device category parameter

    EMPLOYEE
    Posted Feb 12, 2015 11:35 PM
    Can you confirm that the category is set for that MAC address in the endpoint database? 


    Thanks, 
    Tim


  • 3.  RE: cannot fetch device category parameter

    Posted Feb 12, 2015 11:55 PM

    Hi Tim, yes i have some of them profiled as shown below. same device that used to show the category in the access tracker, now no longer does it anymore. this causes many of my rule filter fails.

    endpoint.png

    Ricky



  • 4.  RE: cannot fetch device category parameter

    Posted Feb 13, 2015 07:19 AM

    bump..

    anyone have any clue what should i do?

     

    Ricky



  • 5.  RE: cannot fetch device category parameter

    Posted Feb 15, 2015 08:21 AM

    i don't understand you last reply. do the devices you check for end up correctly in the endpoint database or not?

     

    show the endpoint database info for one MAC you also show the access tracker output for.



  • 6.  RE: cannot fetch device category parameter
    Best Answer

    Posted Feb 15, 2015 08:37 AM

    i found the fix.

    apparently the parameters from Endpoint Repository won't show up if your device in the endpoint database is in 'Unknown' state.

    one of my service put them to unknown after certain rule hit and everything works fine after i changed it.

    thanks for the responses guys.

     

    Ricky



  • 7.  RE: cannot fetch device category parameter

    EMPLOYEE
    Posted Feb 15, 2015 11:12 AM
    Just to clarify, device profile is independent of the known/unknown state. 


    Thanks, 
    Tim