AAA, NAC, Guest Access & BYOD

NMAP Manual Subnet Scan for Profiling static objects

Aruba Employee
Q:

Does CPPM allows to configure multiple SNMP Read Only Community Strings for NMAP Manual Subnet Scan?

Use case:

I have a hybrid network with different SNMP string on each vendor devices. Is there a way, i would be able to add multiple SNMP strings in the scan?



A:

Clearpass does an NMAP scan for the subnet and does a SNMP query when port 161 is found to be open.

 

A new feature introduced in 6.5. As per this feature we can add multiple SNMP strings for NMAP scan.

 

The NMAP manual subnet scan is augmented with an SNMP Query whenever the scan discovers that UDP port 161 is open on an endpoint that results in more attributes being collected. During the NMAP manual subnet scan, the Network Scan probe detects whether SNMP port 161 is open on the device. If the port is open, an SNMP Query is triggered with a default community string (public). If the device supports SNMP and the default Read Only community string is set to public, you can obtain the MAC address of the device from the MIB value “ifPhysAddress”.

 

Feature allows configuration of multiple SNMP community strings to be used to query static IP devices discovered by the profiler. Configuration screen for this feature is in "Configuration -> Profile Settings -> [SNMP Configuration] section".

 

Version history
Revision #:
2 of 2
Last update:
‎06-23-2015 02:19 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: