User Guide: AMF Security mini version 1.7.0

Creating Authentication Data from CSV



To introduce AMF Security mini to an existing network, you have to register a large number of switches and devices.
You can reduce the workload of this registration process by exporting lists of active devices and switches, editing them as required, then importing them to AMF Security mini again.


Creating Authentication Data for AMF Members

The basic steps to register a large number of AMF Members in AMF Security mini's database are as follows.
  1. Exporting Active AMF Member List to a CSV File
  2. Editing the List of Device MAC Addresses
  3. Importing the CSV File

Exporting Active AMF Member List to a CSV File

Export the Active AMF Member List to a CSV file.
  1. Open the Switches > Active AMF Member List page.

  2. Click the "Export to CSV" button at the top right corner of the page to download a CSV file.
    The default filename of an exported CSV file is "amf_member_active.csv".

Editing the List of Device MAC Addresses

Edit the downloaded CSV file of the AMF Member list with a text editor.
Note
Take a backup of the CSV file if necessary.
  1. Open the CSV file with a text editor that can handle UTF-8 character encoding.
    Assume that the CSV file has the following content.
    Note
    In the following example, the arrow (↓) is displayed at the end of the line to distinguish the line wrapping on the screen display and the line break of the actual data, but the CSV file actually exported does not include the arrow at the end of the line.
    Importing a CSV file which contains data characters outside of double-quotes causes an error.
      "#","table","Name","Domain Name","Datapath ID"
      "+","amf_member_active","AMF-Master","AMF-Master.local.AMF001.atmf","-"
      "+","amf_member_active","AMF-Member","AMF-Member.local.AMF001.atmf","-"

  2. Delete the comment line for brevity.
    The first line is a comment line. You do not have to edit the comment lines because they are ignored when imported. You can safely delete them.

      "#","table","Name","Domain Name","Datapath ID"
      "+","amf_member_active","AMF-Master","AMF-Master.local.AMF001.atmf","-"
      "+","amf_member_active","AMF-Member","AMF-Member.local.AMF001.atmf","-"

  3. Rewrite the second field in each line from "amf_member_active" to "switch".
      "+","switch","AMF-Master","AMF-Master.local.AMF001.atmf","-"
      "+","switch","AMF-Member","AMF-Member.local.AMF001.atmf","-"

  4. Enter a note in the fourth field of each line.
    Here, enter "added by whitelist on 20XX/11" as the Note.
      "+","switch","AMF-Master","added by whitelist on 20XX/11","-"
      "+","switch","AMF-Member","added by whitelist on 20XX/11","-"

  5. Now the content of the switch whitelist is complete.
    Save the file in UTF-8.


Importing the CSV File

Import the CSV file to AMF Security mini by taking the following steps.
  1. Open the System Settings > System Information page.

  2. Click the "Import" button in the Authentication Data item to open the "Upload Authentication Data" page.

  3. Click the "Choose File" button, select the CSV file you edited earlier, and click the "Submit" button.
After AMF Security mini confirms that the CSV is properly composed and its content is consistent with the existing authentication data, the new AMF Members in the CSV file are added to AMF Security mini's authentication database.


Creating Authentication Data for Devices

The basic steps to register a large number of devices in AMF Security mini are as follows.
  1. Selectively auto-detect devices using UnAuth Group.
  2. Export a list of devices to a CSV file.
  3. Editing the List of Device MAC Addresses
  4. Importing the CSV File

Selectively Auto-Detect Devices using the UnAuth Group

Go to the Group > Add UnAuth Group page and add UnAuth Groups to auto-detect the devices that you want to add to the whitelist.
By using an UnAuth Group, you can get a list of devices which are in a particular location or schedule.
Refer to the Manually Adding Devices > Registering Location and Adding Devices from List > Detecting Devices using UnAuth Group in Quick Tour for the detailed instructions on how to add Locations and UnAuth Groups.

Exporting a List of Devices

Export a list of Device MAC addresses to a CSV file.
Note
Searching or filtering devices on the screen does not affect the content of an exported CSV file. All devices are exported to CSV even if some of them are filtered out and not displayed on the screen.
  1. Open the Device > Active Device List page.

  2. Click the "Export to CSV" button at the top right corner of the page to download a CSV file.
    The default filename of an exported device list is "client.csv".

Editing the List of Device MAC Addresses

Edit the downloaded CSV file with a text editor.
Note
Take a backup of the CSV file if necessary.

  1. Open the CSV file with a text editor that can handle UTF-8 character encoding.
    Assume that the CSV file has the following content.
    Note
    In the following example, the arrow (↓) is displayed at the end of the line to distinguish the line wrapping on the screen display and the line break of the actual data, but the CSV file actually exported does not include the arrow at the end of the line.
    Importing a CSV file which contains data characters outside of double-quotes causes an error.
      "#","table","Device ID","Note","Tag","%ports","%port","MAC Address","Name","Note","%status","IPv4 Address","Action","Updated Date / Time","VLAN ID","Action Originator","Action Reason"
      "+","client","","","","%ports","%port","00:00:5e:00:53:30","","","%status","","Detected","20XX-11-22 17:32:29","No Connection","sesc.unauthGroup",""
      "+","client","","","","%ports","%port","00:00:5e:00:53:31","","","%status","","Detected","20XX-11-22 17:32:29","No Connection","sesc.unauthGroup",""
      "+","client","","","","%ports","%port","00:00:5e:00:53:32","","","%status","","Detected","20XX-11-22 17:32:29","No Connection","sesc.unauthGroup",""

  2. Delete the comment line for brevity.
    The first line is a comment line. You do not have to edit the comment lines because they are ignored when imported. You can safely delete them.

      "#","table","Device ID","Note","Tag","%ports","%port","MAC Address","Name","Note","%status","IPv4 Address","Action","Updated Date / Time","VLAN ID","Action Originator","Action Reason"
      "+","client","","","","%ports","%port","00:00:5e:00:53:30","","","%status","","Detected","20XX-11-22 17:32:29","No Connection","sesc.unauthGroup",""
      "+","client","","","","%ports","%port","00:00:5e:00:53:31","","","%status","","Detected","20XX-11-22 17:32:29","No Connection","sesc.unauthGroup",""
      "+","client","","","","%ports","%port","00:00:5e:00:53:32","","","%status","","Detected","20XX-11-22 17:32:29","No Connection","sesc.unauthGroup",""

  3. Searching or filtering devices on the Device > Active Device List page does not affect the content of an exported CSV file.
    If there are devices which do not belong to the UnAuth Group (i.e. Connected, Quarantined, Blocked and Authentication Failed), the exported CSV file contains their MAC addresses as well. The device status is written in the 12th field of the CSV.
    Delete every line where the 12th field is anything other than "Detected".

  4. The 11th ("%status") and later fields are not used for importing because they are not required for authentication data. You can safely delete them.
    Here, remove those fields together with the comma that precedes them.
      "+","client","","","","%ports","%port","00:00:5e:00:53:30","","","%status","","Detected","20XX-11-22 17:32:29","No Connection","sesc.unauthGroup",""
      "+","client","","","","%ports","%port","00:00:5e:00:53:31","","","%status","","Detected","20XX-11-22 17:32:29","No Connection","sesc.unauthGroup",""
      "+","client","","","","%ports","%port","00:00:5e:00:53:32","","","%status","","Detected","20XX-11-22 17:32:29","No Connection","sesc.unauthGroup",""

  5. Rewrite the second field in each line from "client" to "device".
      "+","device","","","","%ports","%port","00:00:5e:00:53:30","",""
      "+","device","","","","%ports","%port","00:00:5e:00:53:31","",""
      "+","device","","","","%ports","%port","00:00:5e:00:53:32","",""

  6. Enter a unique Device ID in the third field of each line. Make sure that the same Device IDs are not already registered in AMF Security mini's database.
      "+","device","device1","","","%ports","%port","00:00:5e:00:53:30","",""
      "+","device","device2","","","%ports","%port","00:00:5e:00:53:31","",""
      "+","device","device3","","","%ports","%port","00:00:5e:00:53:32","",""

  7. Enter notes in the 4th fields and tags in the 5th fields depending on your needs.
    Here, enter "added by whitelist on 20XX/11" in the Note. Leave the tags blank.
      "+","device","device1","added by whitelist on 20XX/11","","%ports","%port","00:00:5e:00:53:30","",""
      "+","device","device2","added by whitelist on 20XX/11","","%ports","%port","00:00:5e:00:53:31","",""
      "+","device","device3","added by whitelist on 20XX/11","","%ports","%port","00:00:5e:00:53:32","",""

  8. Enter interface names in the ninth fields and notes on the interfaces in the tenth fields if necessary.
    Here, enter "(Device ID)-1" (example: device1-1) for Name. Leave the note blank.
      "+","device","device1","added by whitelist on 20XX/11","","%ports","%port","00:00:5e:00:53:30","device1-1",""
      "+","device","device2","added by whitelist on 20XX/11","","%ports","%port","00:00:5e:00:53:31","device2-1",""
      "+","device","device3","added by whitelist on 20XX/11","","%ports","%port","00:00:5e:00:53:32","device3-1",""

  9. If the imported CSV file contains a record with the same Device ID as an existing one or as a previous record in the same file, only the last record is valid because the later record overwrites the previous one.
    If a device has more than one interface, repeat the 7th to 10th fields (i.e. "%port", "MAC Address", "Interface Name" and "Note").
    For example, to make two MAC addresses "00:00:5e:00:53:30" and "00:00:5e:00:53:31" belong to a single device "device1", edit the CSV file as follows.
      "+","device","device1","added by whitelist on 20XX/11","","%ports","%port","00:00:5e:00:53:30","device1-1","","%port","00:00:5e:00:53:31","device1-2",""
      "+","device","device3","added by whitelist on 20XX/11","","%ports","%port","00:00:5e:00:53:32","device3-1",""

  10. Now the content of the device whitelist is complete.
    If no security policy is required for the devices, save the CSV file in UTF-8 and proceed to "Importing the CSV File".

  11. If you want to attach security policies to the devices, put a rule record ("table" = "rule") right after each device record ("table" = "device").
    As an example, the following security policy is set for all devices.
    Note
    Elements referenced by the security policy should have been already registered in AMF Security mini's database. For example, when you are uploading a CSV file containing device records, if any of Location ID, Schedule ID, Network ID, Switch ID and Switch Port referenced by the devices' security policies are missing in AMF Security mini's database, the import fails and authentication data is not updated.

    Table 1: Security Policies
    Item Name    Value
    Priority     10
    Network      Sales
    Refer to "CSV File/Exportable Information" section's "Device" for more details on the format.
      "+","device","device1","added by whitelist on 20XX/11","","%ports","%port","00:00:5e:00:53:30","device1-1",""
      "+","rule","device1","sesc.device","","pass","10","True","%options","m_network_name=Sales"
      "+","device","device2","added by whitelist on 20XX/11","","%ports","%port","00:00:5e:00:53:31","device2-1",""
      "+","rule","device2","sesc.device","","pass","10","True","%options","m_network_name=Sales"
      "+","device","device3","added by whitelist on 20XX/11","","%ports","%port","00:00:5e:00:53:32","device3-1",""
      "+","rule","device3","sesc.device","","pass","10","True","%options","m_network_name=Sales"

  12. Now the content of the device whitelist with the security policy is complete.
    Save the file in UTF-8.
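
The device steps above (removing comment lines, keeping only "Detected" records, trimming the fields from "%status" onward, assigning Device IDs, notes and interface names, and appending rule records) can also be scripted. The following Python is an added example, not part of the original guide or the product. It assumes the exported header line is present and locates columns by the header names shown in step 1, treating the "Action" column as the device status; `build_device_whitelist`, `existing_ids` and the `deviceN` naming scheme are hypothetical choices.

```python
import csv
import io

# Constructed sample in the export layout shown in step 1 (documentation MACs).
HEADER = ('"#","table","Device ID","Note","Tag","%ports","%port","MAC Address","Name",'
          '"Note","%status","IPv4 Address","Action","Updated Date / Time","VLAN ID",'
          '"Action Originator","Action Reason"')

def _row(mac, action):
    return (f'"+","client","","","","%ports","%port","{mac}","","","%status","",'
            f'"{action}","20XX-11-22 17:32:29","No Connection","sesc.unauthGroup",""')

SAMPLE_EXPORT = "\n".join([HEADER, _row("00:00:5e:00:53:30", "Detected"),
                           _row("00:00:5e:00:53:31", "Blocked"),
                           _row("00:00:5e:00:53:32", "Detected")])

def build_device_whitelist(export_text, note, existing_ids=(), network=None, priority=10):
    """Return import-ready CSV text: device records, each followed by an optional rule."""
    rows = list(csv.reader(io.StringIO(export_text)))
    header = next(r for r in rows if r and r[0] == "#")
    # Assumption: columns are found by header name; "Action" carries the device status.
    col = {k: header.index(k) for k in
           ("Device ID", "Note", "MAC Address", "Name", "%status", "Action")}
    used_ids, seen_macs, out, n = set(existing_ids), set(), [], 0
    for row in rows:
        # Skip comment lines and anything that is not a "Detected" client record.
        if not row or row[0] != "+" or row[1] != "client" or row[col["Action"]] != "Detected":
            continue
        rec = row[:col["%status"]]          # drop "%status" and all later fields
        mac = rec[col["MAC Address"]].lower()
        if mac in seen_macs:
            raise ValueError(f"duplicate MAC address in export: {mac}")
        seen_macs.add(mac)
        n += 1
        while f"device{n}" in used_ids:     # a reused Device ID would overwrite a record
            n += 1
        dev_id = f"device{n}"
        used_ids.add(dev_id)
        rec[1], rec[col["Device ID"]], rec[col["Note"]] = "device", dev_id, note
        rec[col["Name"]] = f"{dev_id}-1"
        out.append(rec)
        if network is not None:             # rule record goes right after its device record
            out.append(["+", "rule", dev_id, "sesc.device", "", "pass", str(priority),
                        "True", "%options", f"m_network_name={network}"])
    buf = io.StringIO()
    # QUOTE_ALL keeps every field inside double quotes, as the import requires.
    csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n").writerows(out)
    return buf.getvalue()
```

Write the returned text to a file opened with `encoding="utf-8"`, and pass the Device IDs already registered in the database as `existing_ids` so that generated IDs do not overwrite existing records on import.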

Importing the CSV File

Import the CSV file to AMF Security mini by taking the following steps.
  1. Open the System Settings > System Information page.

  2. Click the "Import" button in the Authentication Data item to open the "Upload Authentication Data" page.

  3. Click the "Choose File" button, select the CSV file you edited earlier, and click the "Submit" button.
After AMF Security mini confirms that the CSV is properly composed and its content is consistent with the existing authentication data, the new devices in the CSV file are added to AMF Security mini's authentication database.



18 Jan 2021 10:56