SHL is also a 'database' that resides locally; to use it, just configure it as one of the Authentication Sources and configure the policy based on that.

Is it possible to add those two role-names to the list at 'account-role' that can be seen in the screenshot above? And is it then possible to check for this specific role in the role mapping / enforcement in the service to send back the correct profile?

Alternatively, why don't we use Static Host List and list all the MACs there?

We actually have two groups of devices that need to be checked: 'security' and 'utility'. I am looking in the guest section of ClearPass right now and I am seeing this page.

Is this possible? And is it possible to use this database as an authentication source in the service to check, if a device is trying to connect to the network, whether the MAC address is listed in this database?

So what we want to do is create a new local SQL database in ClearPass where we can store the MAC addresses from these devices. It is hard to profile them and then send back the correct role to get these devices in the correct VLAN. We have some devices on the network which fall under the category 'security'. I have a question about authenticating some devices.

Subject: Adding an extra local SQL database to store MAC-addresses

If you find my answer useful, consider giving kudos and/or mark as solution

MVP 2023, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACDP, ACEP, ACSA

If you have a need to delegate administration to local or regional staff, this solution is good, as they can only handle the devices within their responsibility. One group can be assigned permissions to add and delete security cameras, another group to handle card readers for the doors, etc.

With this database you can assign a device a specific role and only grant the devices in the database access according to the assigned roles.

Even though the database is named Guest Device Repository and the administration is done under the /guest part of ClearPass, it's not limited to only guest devices.

Also, if you configure Guest Operator Profiles, you can delegate permissions to handle different types of devices based on AD groups or other authorization information.

Instead you can utilize the already present device database, Guest Device Repository. But this is maybe a bit of overworking the solution.

No, you can't create a new custom database in ClearPass; in that case you must host the database on an external database server and configure this server as a source for ClearPass to look in to validate the MAC address.