Security

Reply

ClearPass DHCP Profiling

Working with a client on profiling endpoints on their wireless network. We setup IP helpers on their router and wanted to confirm we are receiving the DHCP Discover/Request packets. We ran a packet capture on CPPM, but the only DHCP we are receiving are DHCP NAK packets, sourced from their DHCP server, destination was broadcast and they are on the same subnet, so that's why I think we ingested those. It doesn't appear we are receiving the correct DHCP information.

 

Is there any other ways to check besides the packet capture? I know you can also see the fingerprinting method on the endpoint, but that would be terribly challening, as this has been in production for a long time, just getting this enabled now though.

 

Thanks.


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
Guru Elite

Re: ClearPass DHCP Profiling

Packet capture or you can work with TAC to look at the profiler logs.

Does the router offer a relay debug?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: ClearPass DHCP Profiling

Ok, that's kind of what I figured. We are looking into ACLs on the router right now. 

 

We can potentially look into the logs to confirm that it is being forwarded.

 

Thanks.


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: