Security

Reply
Super Contributor I
Posts: 290
Registered: ‎11-05-2012

ClearPass Policy Manager Profiling

Hello. I have my controller arubaOS 6.1 and ClearPass Policy Manager 6.2 with Profiling. When user login in the ssid with 802.1x. ClearPass Profiling not device categorized. I have available dhcp fingerprinter in the controller?

 

The controller device categorized ipad. Attachment imagen.

 

Thanks

Guru Elite
Posts: 21,588
Registered: ‎03-29-2007

Re: ClearPass Policy Manager Profiling

Are you forwarding DHCP traffic of your clients to the ClearPass Policy Manager using a helper address?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Super Contributor I
Posts: 290
Registered: ‎11-05-2012

Re: ClearPass Policy Manager Profiling

Not, as acive?

Super Contributor I
Posts: 290
Registered: ‎11-05-2012

Re: ClearPass Policy Manager Profiling

Not, as active?

Guru Elite
Posts: 8,796
Registered: ‎09-08-2010

Re: ClearPass Policy Manager Profiling

You should add a helper address pointing to the ClearPass server(s) to each
subnet where you would like profiling to occur.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Super Contributor I
Posts: 290
Registered: ‎11-05-2012

Re: ClearPass Policy Manager Profiling

where this option is available?

Guru Elite
Posts: 8,796
Registered: ‎09-08-2010

Re: ClearPass Policy Manager Profiling

You need to do it on the router interface (SVI / RVI) for the user subnet.

 

In most deployments this is on an upstream device. 

 

    interface vlan 100

        ip helper-address <clearpass server>

 

 


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Super Contributor I
Posts: 290
Registered: ‎11-05-2012

Re: ClearPass Policy Manager Profiling

Excellent. The option is correct.

 

Super Contributor I
Posts: 290
Registered: ‎11-05-2012

Re: ClearPass Policy Manager Profiling

the ip helper-address what protocol our port use?.

 

Guru Elite
Posts: 8,796
Registered: ‎09-08-2010

Re: ClearPass Policy Manager Profiling

[ Edited ]

ClearPass reads the DHCP discover packet.

 

[CLIENT]  UDP 0.0.0.0:68 -> 255.255.255.255:67 --> [ROUTER] UNICAST RELAY


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: