Security

th_son · ‎11-09-2015

Hi,

We brought a new CPPM server online in one of our remote offices and joined it to the existing cluster.

Since then I have been having some strange issues with the Endpoints DB.

I have one endpoint in particular that keeps switching between being profiled and not profiled.

It seems that after a successful machine authentication, it is profiled, the next time it performs machine authentication, it then becomes not profiled. I am not doing anything that would change this status in the enforcement profiles.

Has anyone seen this behavior before?

On a side note, for the IP helper addresses that we configure to help with DHCP finger printing, should we be targetting the publisher? Or the subscriber in each remote location?

Thank you,

Cheers

Victor Fabian · ‎11-09-2015

What version are you running ?

You should have all the CPPMs IP address as DHCP relays

th_son · ‎11-09-2015

So for each subnet we should configure each CPPM as a dhcp relay in every location? I didn't know that!

Thank you. I will configure that in the morning.

As for the verison. We are running 6.5.4.76733 across all 3 CPPM servers.

miker · ‎11-10-2015

What is the reason for listing all servers as helpers? Redundancy or some other advantage in doing it?

cjoseph · ‎11-10-2015

Honestly, you should only need to point to a single CPPM instance with profiler running.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

th_son · ‎11-10-2015

What would be the best CPPM to point the IP helper address to?

I was thinking that the issue with endpoint becoming unprofiled was because the Subscriber was learning the finger print and profiling the device and when the publisher did the sync it was overwriting it. But perhaps that is not the case.

cjoseph · ‎11-10-2015

The server that has the following enabled:

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

th_son · ‎11-10-2015

I have confirmed that all three of the CPPM servers in the cluster have this feature enabled.

Is there anything else that could cause this behavior?

Is the process of profiling logged by the CPPM somewhere that I could maybe look at?

boneyard · ‎12-26-2015

no direct experience with this issue, but if you don't want to involve TAC (which could also be route of course) then you could try turning it off on two of them do determine if that perhaps helps.

Security

CPPM Endpoint profiled then not profiled

CPPM Endpoint profiled then not profiled

Re: CPPM Endpoint profiled then not profiled

Re: CPPM Endpoint profiled then not profiled

Re: CPPM Endpoint profiled then not profiled

Re: CPPM Endpoint profiled then not profiled

Re: CPPM Endpoint profiled then not profiled

Re: CPPM Endpoint profiled then not profiled

Re: CPPM Endpoint profiled then not profiled

Re: CPPM Endpoint profiled then not profiled

Re: CPPM Endpoint profiled then not profiled

Re: CPPM Endpoint profiled then not profiled

Re: CPPM Endpoint profiled then not profiled

Re: CPPM Endpoint profiled then not profiled

Re: CPPM Endpoint profiled then not profiled

Re: CPPM Endpoint profiled then not profiled

Re: CPPM Endpoint profiled then not profiled

Re: CPPM Endpoint profiled then not profiled

Follow Us