Background

Help Desk agents may be required to remove blackhole registrations for wireless devices. For details on when to use these steps, see Security - Wireless Security Procedure.

Important: Before following the steps below, you must have already confirmed that the user has cleaned their infected machine.

Registrations are blocked with Manifest and ClearPass Policy Manager. Manifest is used only for affiliated wireless users (i.e. those who have NetIDs) and prevents them from registering additional devices on UWNet and eduroam. ClearPass Policy Manager is always used, as it prevents the blackholed user's existing device(s) from connecting.

Note: In the unlikely event that no available agents are authorized to remove blackholed registrations, set the first line of the description field in WiscIT to AM REMOVE WIRELESS REGISTRATION, forward the call to US-Help Desk, and set the expectation with the customer that the registration will not be removed until the start of the next business day.

Procedure

If you are removing guest registration, go directly to the ClearPass Policy Manager steps.

1. Log into Manifest and look for the folder uw:domain:uwnet.wisc.edu. In this folder you should see the blackhole group. Click the Details button.

   

2. Under the Members tab, locate the user in question, check the box next to their entry, and click Remove selected member(s).

   

3. Next go to the ClearPass Policy Manager and log in with your NetID and password.

   

4. If this is your first time using ClearPass Policy Manager, you will need to make some initial changes to your view. If you have already done this, jump to the next step.

   1. By default, the Access Tracker section will only show one server; you need to add all servers. To do this, click Edit in the Access Tracker section.

      

   2. In the dropdown menu for Select Server/Domain, choose default (10 servers), then click Save.

      

5. Next, open the Configuration tab at the bottom of the page.

   

6. Under the Configuration tab, select Endpoints.

   

7. In the Filter menu, select Attributes. Keep both smaller menus set to contains, and in the middle menu, select Username from the dropdown (this may require first selecting "More choices"). In the last field, begin typing the user's NetID and select the correct result when it appears.

   • Note: If the caller used guest registration, choose the same menu options, and search for the email address they registered with.

   

8. Click on the correct endpoint entry. Please note that there may be more than one for the same user, e.g. they may have registered both a computer and a smartphone. You only need to disable the device that has been reported.

   

9. On the endpoint details screen, change the Status from "Disabled client" to "Known client", then click Save.

   
   • Note: If the endpoint is already set to "Known", this would indicate that you are viewing the wrong endpoint. Go back and look for a "Disabled" endpoint for that user.

10. The customer should now be able to connect to UWNet. If they are currently on campus and are having trouble re-connecting, have them try switching to a different network (e.g. eduroam) if possible, before retrying UWNet. If no other connections are available, have them disable their computer's wireless for 5 minutes before trying again.