Security

Hello. I have my controller arubaOS 6.1 and ClearPass Policy Manager 6.2 with Profiling. When user login in the ssid with 802.1x. ClearPass Profiling not device categorized. I have available dhcp fingerprinter in the controller?

 

The controller device categorized ipad. Attachment imagen.

 

Thanks

Are you forwarding DHCP traffic of your clients to the ClearPass Policy Manager using a helper address?

 

Not, as acive?

Not, as active?

You should add a helper address pointing to the ClearPass server(s) to each
subnet where you would like profiling to occur.

where this option is available?

You need to do it on the router interface (SVI / RVI) for the user subnet.

 

In most deployments this is on an upstream device. 

 

    interface vlan 100

        ip helper-address <clearpass server>

 

 

Excellent. The option is correct.

 

the ip helper-address what protocol our port use?.

 

ClearPass reads the DHCP discover packet.

 

[CLIENT]  UDP 0.0.0.0:68 -> 255.255.255.255:67 --> [ROUTER] UNICAST RELAY

I have the following issue.

 

I have configuration service with authentication (domain controller), Authorization (Endpoint Repository),  Role(none),

 

In the Enforcement attachment image.

 

When one device login in the ssid 802.1x. In the Identity Endpoint not assigned Profiled. The alert in access tracker is Policy server Failed to get value for attributes=[OS Family].

 

 

 

Can you please post  screenshot of the error?

 

In the Endpoint database make sure that the device you are connecting from has the information available.

 

That error might be indicating that the Endpoint profile for the device is missing the  [OS Family] attribute.

 

The device profile might be blank and only has the MAC address.

 

 

vs.

 

 

If it is blank and you have an open SSID (for guests for example) that also has the dhcp help address configured try connecting to that SSID and then check the Endpoint profile again to see if it has all the information.

 

Cheers