Aruba Apps

Hi, I was wondering if there is a way to have clearpass block or remove devices that don't match a policy?  I work on a college campus and we have student self register their gaming and streaming devices, but for there computers they need to configure 802.1x, some students will register their computers' as gaming devices, currently we manually go through the mac address's in managed devices,  is it possible for clearpass to determine that this isnt a xbox or PSx or Nintendo and then disable the mac for access?

Thank you

Pino  

------------------------------
Peppino Muraca
Manager of Network Services
Stonehill College
W:508-565-1193
pmuraca@stonehill.edu
------------------------------

In general, the list of policies in Clearpass determine what role a device will be tagged with (role policies) and in enforcement, what enforcement profile will be sent back.  If a device does not satisfy any of those policies, a device is either tagged with the default role or default enforcement policy.

I hope I am answering your question...

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
------------------------------

Original Message:
Sent: Aug 31, 2023 03:05 PM
From: pmuraca
Subject: clearpass policy to block devices using wrong policy

Hi, I was wondering if there is a way to have clearpass block or remove devices that don't match a policy?  I work on a college campus and we have student self register their gaming and streaming devices, but for there computers they need to configure 802.1x, some students will register their computers' as gaming devices, currently we manually go through the mac address's in managed devices,  is it possible for clearpass to determine that this isnt a xbox or PSx or Nintendo and then disable the mac for access?

Thank you

Pino  

------------------------------
Peppino Muraca
Manager of Network Services
Stonehill College
W:508-565-1193
pmuraca@stonehill.edu
------------------------------

In such cases you should be using Device Profiling . 
Another way could be to register devices under a Group and then TAG the Role to that group.

You would have to go to Configuration > Identity > Endpoints

Then when you register (or edit) the XBOX, you go to the Attributes TAB. On Attribute you can choose: Device Type with Value: Game Console

Then when you do the service, you can tag on the role mapping:
Type: Device
Name: Device Type
Operator: Equal
Value: Game Console

And then  you assign a role name whichever you are using.

------------------------------
Shpat | ACEP | ACMP | ACCP | ACDP |
-Just an Aruba enthusiast and contributor by cases-
------------------------------

Original Message:
Sent: Aug 31, 2023 03:05 PM
From: pmuraca
Subject: clearpass policy to block devices using wrong policy

Hi, I was wondering if there is a way to have clearpass block or remove devices that don't match a policy?  I work on a college campus and we have student self register their gaming and streaming devices, but for there computers they need to configure 802.1x, some students will register their computers' as gaming devices, currently we manually go through the mac address's in managed devices,  is it possible for clearpass to determine that this isnt a xbox or PSx or Nintendo and then disable the mac for access?

Thank you

Pino  

------------------------------
Peppino Muraca
Manager of Network Services
Stonehill College
W:508-565-1193
pmuraca@stonehill.edu
------------------------------