Creating Rules

This section contains the following topics:

Creating Rules From Scratch

To create a rule A rule is a user defined classification set used by the system to classify unknown (generic) devices or reclassify devices. Rule classification overrides system classification. from scratch:

  1. Go to the Classify Devices Using Rule dialog from the Generic Devices - Dashboard.

    For information, see Creating Rules.

    If you accessed this dialog directly from the Generic Devices - Dashboard, no attributes are displayed as rule A rule is a user defined classification set used by the system to classify unknown (generic) devices or reclassify devices. Rule classification overrides system classification. conditions on this dialog.

  2. Select an attribute you want to include as a condition in the rule by performing the following:
    1. Click +Rule Condition icon at the bottom of the dialog.

    A pop up box opens displaying all of the available device attributes that can be included as conditions in the rule.

    1. Select the device attribute you wish to configure for the rule. Device attributes are:

    After you select a device attribute it is added to the Classify Devices Using Rule dialog.

    Table 1: Device Attributes

    Attribute

    Description

    Application Group

    Application groups for which the device is communicating.

    Application ID

    Application IDs for the device.

    Destination Connection

    Destination connection for the device.

    Destination Host

    Destination host for the device.

    DHCP Option55

    Parameter request list.

    DHCP Option60

    Vendor class identifier.

    DHCP Options

    List of options available.

    Host Device Type

    Host device type for wireless devices.

    MAC OUI

    Media Access Control (MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. ) Organizationally Unique Identifier (OUI Organizationally Unique Identifier. Synonymous with company ID or vendor ID, an OUI is a 24-bit, globally unique assigned number, referenced by various standards. The first half of a MAC address is OUI.).

    MAC Vendor

    MAC vendor.

    NMAP Device

    NMAP device.

    NMAP Operating System Family

    NMAP operating system family.

    NMAP Operating System Generation

    NMAP operating system generation.

    NMAP Operating System Type

    NMAP operating system type.

    NMAP Operating System Vendor

    NMAP operating system vendor.

    Operating System Type

    Operating system type.

    Port

    Open ports on the device.

    Services

    Open services on the device.

    SNMP CDP Cache Platform

    SNMP Simple Network Management Protocol. SNMP is a TCP/IP standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention.  Cisco Discovery Protocol (CDP Cisco Discovery Protocol. CDP is a proprietary Data Link Layer protocol developed by Cisco Systems. CDP runs on Cisco devices and enables networking applications to learn about the neighboring devices directly connected to the network.) Cache Platform.

    SNMP Host Device Type

    SNMP device type.

    SNMP HR Device Description

    SNMP Host Resources device description.

    SNMP LLDP System Description

    SNMP Link Layer Discovery Protocol (LLDP Link Layer Discovery Protocol. LLDP is a vendor-neutral link layer protocol in the Internet Protocol suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, which is principally a wired Ethernet.) system description.

    SNMP Name

    SNMP name.

    SNMP System DescriptionSNMP system description.
    SSH TypeSecure Shell (SSH Secure Shell. SSH is a network protocol that provides secure access to a remote device. ) type.

    Type

    Device type.

    User AgentUser agent.
    WMI Operating SystemWindows Management Instrumentation (WMI Windows Management Instrumentation. WMI consists of a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification.) operating system.

    The operator field for each attribute defaults to the single value operator Equals or Contains depending on the type of attribute.

    For more information, see Creating Rules.

    To delete an attribute, hover over an attribute row and click the Delete icon at the end of the attribute row.

  3. Enter the value or values for the attribute you selected by performing the following:
    1. Click +Value icon next to the attribute.
    2. Enter a value for the attribute on the blank line.

      You have the option to enter a regular expression (regex Regular Expression. Regex refers to a sequence of symbols and characters defining a search pattern.) as a value for an attribute. To enter a regex, enter re: and the regex on the blank line. For example, re:5[0-9][a-z]. When you enter re: a Test Regular Expression (right arrow) icon is displayed next to the attribute value field.

      For more information about regex syntax, see Regular Expression Syntax.

      These regular expressions do not support case sensitivity.

      Optionally, click the Test Regular Expression icon if you want to test the regex you entered. When you click the Test Regular Expression icon, the row expands and the Edit Test Regular Expression section is displayed. A green check mark in a circle is displayed next to the regex if it is valid and a red exclamation point in a circle is displayed if it not valid. If the regex is not valid, you can modify the regex in the section until the regex is correct. Plus, you can also enter a test string in the Test String field to verify those results. A green check mark in a circle is displayed next to the test string if it meets the regex and a red exclamation point in a circle if it does not meet the regex. Click Done to collapse the row and accept the changes you made to the regex.

      After you enter the first value, the condition is automatically selected to be included in the rule.

    3. (Optional) Click +Value icon and enter a new value for an attribute on the new blank line. Click the Delete icon to delete the new blank line or value.

      After you enter a second value, the operator field automatically changes to the multiple value operator Equals (Any) or Contains (Any) depending on the type of attribute.

      For more information, see Creating Rules.

  4. Specify the operator for the rule condition by clicking the down arrow next to the operator field and selecting the operator for the attribute.

    For more information, see Creating Rules.

  5. Repeat steps 2 through 4 until you have defined all of the conditions for the rule.
  6. Click Next.

    If the rule you are creating overlaps with other rules, an Overlapping Rules section is displayed containing a grid that lists the rules that overlap with this rule. The columns that display in the grid are the overlapping Rule Name, Attribute, Operator, and Value. Otherwise, the Overlapping Rules section is not displayed.

    If you have overlapping rules, the system only processes the first rule and the other rules are not processed. We recommend that you don't have overlapping rules.

  7. (Optional) Click the Information icon to view all of the rule conditions that were previously selected. Click the icon again to hide the conditions.
  8. Click in the Rule Name field and enter a name for the rule.

    Rule names can contain a combination of upper and lower case alpha-numeric characters and these special characters: - (dash) and _ (underscore).

  9. Enter a device category for the rule by performing one of the following:
    • Click the down arrow next to Device Category and select a device category.
    • Click in the Device Category field and enter a device category.

    Device categories can contain a combination of upper and lower case alpha-numeric characters and these special characters: - (dash), _ (underscore), / (forward slash), & (ampersand), and () (right and left parenthesis).

    If you enter a new device category, the Browse button becomes available at the bottom of the dialog.

  10. Enter a device family for the rule by performing one of the following:
    • Click the down arrow next to Device Family and select a device family.
    • Click in the Device Family field and enter a device family.

    Device families can contain a combination of upper and lower case alpha-numeric characters and these special characters: - (dash), _ (underscore), / (forward slash), & (ampersand), and () (right and left parenthesis).

    If you enter a new device family, the Browse button becomes available at the bottom of the dialog.

  11. Enter a device type for the rule by performing the following:
    1. Click the down arrow next to Device Type and select a device type.
    2. Click in the Device Type field and enter a device type.

      Device types can contain a combination of upper and lower case alpha-numeric characters and these special characters: - (dash), _ (underscore), / (forward slash), & (ampersand), and () (right and left parenthesis).

      If you enter a new device type, the Browse button becomes available at the bottom of the dialog.

  12. (Optional) Upload an image of the device if you have entered a new device category, device family, and device type by performing the following:
    1. Click Browse.
    2. Select the image file.

      The image file must be of a .jpeg, jpg, or .png file type and cannot be larger than 1 MB in size.

  13. Save your work by performing one of the following:
    • Click Save to save the rule. No existing devices are reclassified at this time. You can return later and click the Reclassify Devices action button on the User Classified Devices - Dashboard or Generic Devices - Dashboard to have the system reclassify devices using this rule.
    • Click Save & Reclassify to save the rule and have the system immediately reclassify the existing devices using this rule.

    If you have uploaded an image of the device, an email with all of the rule details and attachment is sent to Aruba. Aruba evaluates the image and may or may not apply it to ClearPass Device Insight because Aruba may already possess a better image. You and other customers of ClearPass Device Insight may see the new image in ClearPass Device Insight after the next deployment cycle after the email is received.

Creating Rules From Devices

To create a rule A rule is a user defined classification set used by the system to classify unknown (generic) devices or reclassify devices. Rule classification overrides system classification. from a device:

  1. Go to the Classify Devices Using Rule dialog from one of the following:
    • Generic Devices - Device Details dialog
    • User Classified Devices - Device Details dialog
    • Classified Devices - Device Details dialog

    For information, see Creating Rules.

    If you accessed this dialog from the Generic Devices - Device Details dialog, User Classified Devices - Device Details dialog, or Classified Devices - Device Details dialog, the device attributes and associated values are displayed as rule conditions on this dialog.

    Optionally, to delete an attribute, hover over an attribute row and click the Delete icon at the end of the attribute row.

  2. Edit the rule condition for each attribute by performing the following:
    1. Click the down arrow next to the operator field and select the operator for the attribute.

      Contains or Equals is displayed as the default value in the operator field for a single value attribute.

      Contains (Any) or Equals (Any) is displayed as the default value in the operator field for a multiple value attribute.

      For more information, see Creating Rules.

    2. Optional (Modify) the values for the attributes by performing one or more of the following:
      • Click +Value icon and add additional values for the attribute.
      • Click Delete icon to delete a value for an attribute.
      • Click Delete icon to delete a value for an attribute and then click +Value to enter an new value for the attribute.
  3. (Optional) Select additional attributes you want to include in the rule and configure those conditions. Click the +Rule Condition icon and select those additional attributes. Then enter the value or values for the attributes and select the operators for those attributes.

    For more information, see Creating Rules From Scratch.

    A regular expression (regex) can be entered as a value for an attribute. To enter a regex, enter re: and then the regex. For example, re:5[0-9][a-z].
    For more information, see Creating Rules and Creating Rules From Scratch.

  4. Select the conditions you wish to include in the rule by clicking the check box at the beginning of each condition. You can also click Include All to select all of the conditions for the rule.
  5. Click Next.

    If the rule you are creating overlaps with other rules, an Overlapping Rules section is displayed containing a grid that lists the rules that overlap with this rule. The columns that display in the grid are the overlapping Rule Name, Attribute, Operator, and Value. Otherwise, the Overlapping Rules section is not displayed.

    If you have overlapping rules, the system only processes the first rule and the other rules are not processed. We recommend that you don't have overlapping rules.

  6. (Optional) Click the Information icon to view all of the rule conditions that were previously selected. Click the icon again to hide the conditions.
  7. Click in the Rule Name field and enter a name for the rule.

    Rule names can contain a combination of upper and lower case alpha-numeric characters and these special characters: - (dash) and _ (underscore).

  8. Enter a device category for the rule by performing one of the following:
    • Click the down arrow next to Device Category and select a device category.
    • Click in the Device Category field and enter a device category.

      Device categories can contain a combination of upper and lower case alpha-numeric characters and these special characters: - (dash), _ (underscore), / (forward slash), & (ampersand), and () (right and left parenthesis).

      If you enter a new device category, the Browse button becomes available at the bottom of the dialog.

  9. Enter a device family for the rule by performing one of the following:
    • Click the down arrow next to Device Family and select a device family.
    • Click in the Device Family field and enter a device family.

      Device families can contain a combination of upper and lower case alpha-numeric characters and these special characters: - (dash), _ (underscore), / (forward slash), & (ampersand), and () (right and left parenthesis).

      If you enter a new device family, the Browse button becomes available at the bottom of the dialog.

  10. Enter a device type for the rule by performing the following:
    1. Click the down arrow next to Device Type and select a device type.
    2. Click in the Device Type field and enter a device type.

      Device types can contain a combination of upper and lower case alpha-numeric characters and these special characters: - (dash), _ (underscore), / (forward slash), & (ampersand), and () (right and left parenthesis).

      If you enter a new device type, the Browse button becomes available at the bottom of the dialog.

  11. (Optional) Upload an image of the device if you have entered a new device category, device family, and device type by performing the following:
    1. Click Browse.
    2. Select the image file.

    The image file must be of a .jpeg, jpg, or .png file type and cannot be larger than 1 MB in size.

  12. Save your work by performing one of the following:
    • Click Save to save the rule. No existing devices are reclassified at this time. You can return later and click the Reclassify Devices action button on the User Classified Devices - Dashboard or Generic Devices - Dashboard to have the system reclassify devices using this rule.
    • Click Save & Reclassify to save the rule and have the system immediately reclassify the existing devices using this rule.

    If you have uploaded an image of the device, an email with all of the rule details and attachment is sent to Aruba. Aruba evaluates the image and may or may not apply it to ClearPass Device Insight because Aruba may already possess a better image. You and other customers of ClearPass Device Insight may see the new image in ClearPass Device Insight after the next deployment cycle after the email is received.

Related Topics