Security

Hi, 

I am fairly new to the Clearpss, I would appreciate if someone can advise how to safely remote individual mac address from Static Host group. 

There is a way to delete a mac from Configuration > Identity > Endpoints but this seems to be already authenticated/profiled endpoint and not sure if I delete from there it will also go away from Static Host list group and the same MAC may not able to authenticate thereafter.

Thanks in advance.

This all depends on your setup of Clearpass.  You will have to look at the Enforcement Policy and Role mapping details to see what is setup.

Here is an example of my setup and this is not the same as your setup.  You will need to view the details of what you have setup.

I use static host lists to map to roles:
Configuration -> Role Mappings -> 'XXXXXX- MAC-RoleMapping'

Configuration -> Enforcement -> Policies -> XXXXXX- Aruba-Wireless-MAC-Enforcement

^In the example above, I am setting a role based on the device being part of a SHL called MAC-AUTH - XXXXXX-PRINTER.  I then match on the role and use the enforcement profile WIRELESS-VLAN-PRINTER.  If I were to remove a mac from the Printer SHL, then it would not get the role anymore and hit the default profile of Deny Access.

This is just an example of what I have setup and your setup may be very different.  It is possible that you might be setting a role based on the device being profiled/being in the endpoint database or some other attribute.  I can not know the answer to your question without looking at your setup.

If you are really unsure, open a ticket with TAC and have them run through what you have setup and have them help you out.

Hi, 

I am fairly new to the Clearpss, I would appreciate if someone can advise how to safely remote individual mac address from Static Host group. 

There is a way to delete a mac from Configuration > Identity > Endpoints but this seems to be already authenticated/profiled endpoint and not sure if I delete from there it will also go away from Static Host list group and the same MAC may not able to authenticate thereafter.

Thanks in advance.

Hi, 

I am fairly new to the Clearpss, I would appreciate if someone can advise how to safely remote individual mac address from Static Host group. 

There is a way to delete a mac from Configuration > Identity > Endpoints but this seems to be already authenticated/profiled endpoint and not sure if I delete from there it will also go away from Static Host list group and the same MAC may not able to authenticate thereafter.

Thanks in advance.

You can remove entries from a static host list by editing it and press the trashbin for the entry you want to remove:

You can find the Static Host Lists under Configuration -> Identity:

If you are not familiar with ClearPass, be warned that you can seriously break things if you perform a bad action.

Hi, 

I am fairly new to the Clearpss, I would appreciate if someone can advise how to safely remote individual mac address from Static Host group. 

There is a way to delete a mac from Configuration > Identity > Endpoints but this seems to be already authenticated/profiled endpoint and not sure if I delete from there it will also go away from Static Host list group and the same MAC may not able to authenticate thereafter.

Thanks in advance.

Hi Herman,

Thanks for your reply. I used to delete mac from the same way you suggested, but in my case I have more than 800 mac address and it is hard to scroll down and find the exact mac address I wanted to delete from such a big list.

I see that there's a way to do from Configuration > Identity > Endpoints (here we can probably do search the mac and delete) but not sure this will not allow for the same mac address to reauthenticate again.?.

The issue that I was by mistake I added same mac address on two static group lists and I want to delete it from one group list. 

You can remove entries from a static host list by editing it and press the trashbin for the entry you want to remove:

You can find the Static Host Lists under Configuration -> Identity:

If you are not familiar with ClearPass, be warned that you can seriously break things if you perform a bad action.

Hi, 

I am fairly new to the Clearpss, I would appreciate if someone can advise how to safely remote individual mac address from Static Host group. 

There is a way to delete a mac from Configuration > Identity > Endpoints but this seems to be already authenticated/profiled endpoint and not sure if I delete from there it will also go away from Static Host list group and the same MAC may not able to authenticate thereafter.

Thanks in advance.

Hi Herman,

Thanks for your reply. I used to delete mac from the same way you suggested, but in my case I have more than 800 mac address and it is hard to scroll down and find the exact mac address I wanted to delete from such a big list.

I see that there's a way to do from Configuration > Identity > Endpoints (here we can probably do search the mac and delete) but not sure this will not allow for the same mac address to reauthenticate again.?.

The issue that I was by mistake I added same mac address on two static group lists and I want to delete it from one group list. 

You can remove entries from a static host list by editing it and press the trashbin for the entry you want to remove:

You can find the Static Host Lists under Configuration -> Identity:

If you are not familiar with ClearPass, be warned that you can seriously break things if you perform a bad action.

Hi, 

I am fairly new to the Clearpss, I would appreciate if someone can advise how to safely remote individual mac address from Static Host group. 

There is a way to delete a mac from Configuration > Identity > Endpoints but this seems to be already authenticated/profiled endpoint and not sure if I delete from there it will also go away from Static Host list group and the same MAC may not able to authenticate thereafter.

Thanks in advance.