Security

Reply
Super Contributor II
Posts: 368
Registered: ‎09-05-2012

CPPM Endpoint profiled then not profiled

Hi,

 

We brought a new CPPM server online in one of our remote offices and joined it to the existing cluster.

 

Since then I have been having some strange issues with the Endpoints DB.

I have one endpoint in particular that keeps switching between being profiled and not profiled.

 

It seems that after a successful machine authentication, it is profiled, the next time it performs machine authentication, it then becomes not profiled. I am not doing anything that would change this status in the enforcement profiles.

 

Has anyone seen this behavior before?

 

On a side note, for the IP helper addresses that we configure to help with DHCP finger printing, should we be targetting the publisher? Or the subscriber in each remote location?

 

Thank you,

 

Cheers

 

MVP
Posts: 4,012
Registered: ‎07-20-2011

Re: CPPM Endpoint profiled then not profiled

What version are you running ?

You should have all the CPPMs IP address as DHCP relays
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Super Contributor II
Posts: 368
Registered: ‎09-05-2012

Re: CPPM Endpoint profiled then not profiled

So for each subnet we should configure each CPPM as a dhcp relay in every location? I didn't know that!

Thank you. I will configure that in the morning.

 

As for the verison. We are running 6.5.4.76733 across all 3 CPPM servers.

Contributor I
Posts: 23
Registered: ‎09-17-2012

Re: CPPM Endpoint profiled then not profiled

What is the reason for listing all servers as helpers? Redundancy or some other advantage in doing it?

Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

Re: CPPM Endpoint profiled then not profiled

Honestly, you should only need to point to a single CPPM instance with profiler running.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Super Contributor II
Posts: 368
Registered: ‎09-05-2012

Re: CPPM Endpoint profiled then not profiled

What would be the best CPPM to point the IP helper address to?

 

I was thinking that the issue with endpoint becoming unprofiled was because the Subscriber was learning the finger print and profiling the device and when the publisher did the sync it was overwriting it. But perhaps that is not the case.

Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

Re: CPPM Endpoint profiled then not profiled

The server that has the following enabled:

profiler.png

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Super Contributor II
Posts: 368
Registered: ‎09-05-2012

Re: CPPM Endpoint profiled then not profiled

I have confirmed that all three of the CPPM servers in the cluster have this feature enabled.

 

Is there anything else that could cause this behavior?

 

Is the process of profiling logged by the CPPM somewhere that I could maybe look at?

MVP
Posts: 1,392
Registered: ‎11-30-2011

Re: CPPM Endpoint profiled then not profiled

no direct experience with this issue, but if you don't want to involve TAC (which could also be route of course) then you could try turning it off on two of them do determine if that perhaps helps.

Search Airheads
Showing results for 
Search instead for 
Did you mean: