Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
Device Insight Integration Page
The Policy Manager to integrate with Policy Manager Device Insight, a cloud-hosted application for comprehensive device visibility. When Device Insight is enabled, Policy Manager disables device profiling on the current Policy Manager server and passes the raw preprofiled information to the Device Insight-enabled node. This change occurs across all the Profiler-enabled nodes (see Changes in the ClearPass User Interface When Device Insight Integration is Enabled). A number of other Policy Manager features are removed from the user interface when Device Insight Integration is enabled. For details, see Changes in ClearPass Behaviors When Device Insight Integration is Enabled.
page enablesEnabling Device Insight Integration
To enable Policy Manager Device Insight Integration:
1. Complete the prerequisites described in Prerequisites to Using Device Insight Integration.
2. On the publisher, navigate to > > .
The
page opens:Figure 1 Device Insight Integration Page
3. Click .
4. Specify the parameters.
Parameter |
Action/Description |
Device Insight Integration |
To enable Device Insight Integration, select the radio button.This feature is disabled by default. |
Registration Token |
To initiate the Activation process, enter the ClearPass Device Insight was deployed. that was generated when |
Activation Status |
This is a read-only field. When Device Insight is disabled, this field displays the status . As part of the Activation process, the Device Insight-enabled node is provisioned with Central certificates.If provisioning is successful, this field displays the status SUCCESS. If an incorrect or an expired registration is used, this field displays the status FAILED. |
Primary ClearPass Server |
Select the ClearPass Policy Manager hardware appliance designated as the primary ClearPass Server. If the Policy Manager instance uses a single appliance, this field is already populated. If it is part of a cluster, you can select any appliance in the cluster, whether publisher or subscriber, to be the primary Policy Manager server. |
Standby ClearPass Server |
Use this option to designate a standby Device Insight Integration-enabled server for a cluster. Designating a standby is optional; however, it is recommended. If the primary server is unavailable, the standby server will take over functionality, detecting any communication failures and providing service continuity. The standby server should have the same activation and certificate provisioning configuration as the primary. |
Polling Interval |
Specify the . Enter a value from minutes to minutes (33.3 hours), inclusive. The default value is minutes.The is a configurable parameter that serves as a backup in the event real-time streaming becomes unavailable.If there is no communication between ClearPass Policy Manager and Device Insight within the specified interval, Policy Manager polls Device Insight to fetch devices, classification details, and Device Insight tags. |
Device Sync interval |
Devices active within the past number of days specified in this date range will be synched between ClearPass Policy Manager and Device Insight. The supported range is 0-999 days, and the default value is 30 days. |
Device Tag Action Updates |
If there is no RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. or Disconnect action for devices configured in a service, you can use the options to assign the correct change of authorization (CoA Change of Authorization. The RADIUS CoA is used in the AAA service framework to allow dynamic modification of the authenticated, authorized, and active subscriber sessions. ) behavior. Select any of the following options: —Actions are ignored and Policy Manager’s endpoint tables are updated. RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. action that will be applied to all tags. For any tag update for any endpoint, the selected CoA Change of Authorization. The RADIUS CoA is used in the AAA service framework to allow dynamic modification of the authenticated, authorized, and active subscriber sessions. re-authentication action will be triggered. — When this option is selected, you can click the drop-down menu and selectRADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. action using the field, you can use the field to specify a specific set of tags on which to apply the action. The selected CoA Change of Authorization. The RADIUS CoA is used in the AAA service framework to allow dynamic modification of the authenticated, authorized, and active subscriber sessions. re-authentication action will only be triggered for the specified tags. Click the drop-down menu to select a tag. To remove a tag, select a tag in the field and click . — When this option is selected, in addition to selecting the |
5. Click .The following prompt appears:
Figure 2 Prompt to Enable Device Insight Integration
6. To proceed with enabling , click ; to cancel the operation, click .
7. If activation is successful, the field displays the status , and the form expands to include following read-only fields.
Parameter |
Action/Description |
Activation Timestamp |
This is a read-only field that appears after successful activation. This field is automatically populated to indicate the time at which Device Insight was activated. |
Registration Status |
This is a read-only field that appears after successful activation. If a Websocket connection is successfully initiated between the Device Insight-enabled node and Aruba Central, the registration appears as SUCCESS. |
Last Sync Timestamp |
This is a read-only field that appears after successful activation. It indicates the time at which the last endpoint added to Policy Manager from Device Insight during synchronization. This field is automatically populated. |
Last Sync Run |
Time that the last sync operation started between Policy Manager and Device Insight. |
Aruba Central Tenant ID |
This is a read-only field that appears after successful activation. It indicates the Aruba Central Tenant ID. |
Figure 3 Device Insight Activation Enabled
Disabling Device Insight Integration
Use the following procedure to disable
,
|
Be aware that if you disable Device Insight Integration at any point after it has been enabled, the Device Insight Registration Token and certificate are not retained. To enable integration again, you will need to enter the Registration Token again. |
1. Navigate to > > . The page opens.
2. On the option, select , then click . The following prompt is displayed.
Figure 4 Prompt to Disable Device Insight Integration
3. To proceed with disabling , click ; to cancel the operation, click .
Device Insight Integration is set to .