Aruba

Device conflict

As you know we used to have the rule in the early 6.0 releases where you could check for device conflict. 

 

In 6.4 that feature has been re-enabled.

 

  • Conflict triggers
      – Fingerprint from same source changing over time resulting in two different device profiles
          • Profiled as Computer, but assigned MAC address of a Printer
          • If old category and new category differ, conflict flag set to TRUE
      – Fingerprint from different sources resulting in two different device categories
          • Profiled as Computer from DHCP but SmartDevice from HTTP
          • Profiler will check fingerprint dictionary to resolve disparity
          • If device category different from dictionary, conflict flag set to TRUE
  • Additions to tips_endpoint_profiles
      – conflict (boolean)
      – other_category (varchar(100))
      – other_family (varchar(100))
      – other_name (varchar(100))
  • These are available as authorization attributes

 

conflict1.png

 

 

 

conflict2.png

 

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.

Re: Device conflict

great, nice to see it return.

Occasional Contributor I

Re: Device conflict

Hi,

 

If there is a Conflict, the MAC Auth doesn't fail automatically, or? I still need to put in a Rule in my Enforcement, or?

 

Rule would be like:

 

Conditions:

Authorization:[Endpoints Repository]:Conflict EQUALS true

 

Actions:

[RADIUS_CoA] [Aruba Terminate Session]

 

thanks a lot

Martin

Aruba

Re: Device conflict

Your logic is correct. You will need to put it at the top of your enforcement. Personally I would create a captive portal role to tell the user why they cannot connect or they will just keep trying to connect then call the help desk.
Thank You,
Troy

Moderator

Re: Device conflict

In 6.5 (shipping later this month) we will have the ability to trigger an automatic CoA when we detect a conflict.


Best Regards
-d

ClearPass Product Manager


Re: Device conflict

things just get better :)

Re: Device conflict

Has this feature been added? If so, how do you incorporate it in your guest MAC authentication service for instance?


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com

Re: Device conflict

you should be able to use the device conflict category and based on that assign a different role or perform some other action.

Re: Device conflict

i tried getting a device in conflict status last week, but was unable to make it work. using version 6.5.4 btw.

 

i first connected with a windows laptop, was profiled correctly, fingerprint clear. then i rebooted with a linux boot usb and again it was profiled correctly, only nothing showed up for conflict or such in the endpoint repository.

 

as both were main category computer it might not have been enough to trigger the conflict, would be nice if we get some more details on how it exactly works, so i also changed the MAC address of the laptop to that of a Thinclient and tried to auth. again this auth worked fine, the entry in the endpoint repository was updated with the linux computer hostname, but no conflict.

 

so anyone got this working (the case with DHCP fingerprint as method, not difference between HTTP and DHCP method) and can provide some more information on your setup?

 

as a side note it is mentioned we can do a CoA on conflict, but i don't see the category conflict on the profiling tab. i also assume i don't need the profiling tab in the service to get the conflict status enabled on the end point repository.

Guru Elite

Re: Device conflict

If you had changed it to something like a printer, the conflict should have been activated.

Sent from Nine

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
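
The conflict triggers from the first post and the conflict-first enforcement rule discussed in the replies, modelled as an added Python example (not ClearPass code and not written by any poster in this thread). The `Endpoint` class, the dictionary contents, the placeholder role names, first-match rule evaluation and the choice to store the competing profile in the `other_*` fields are assumptions; only the `conflict`/`other_*` field names and the terminate-session action come from the thread.

```python
from dataclasses import dataclass

@dataclass
class Endpoint:
    """Constructed record; conflict/other_* mirror the columns named in the thread."""
    mac: str
    source: str
    category: str
    family: str
    name: str
    conflict: bool = False
    other_category: str = ""
    other_family: str = ""
    other_name: str = ""

# Constructed stand-in for the fingerprint dictionary (assumption): name -> category.
DICTIONARY = {"Windows": "Computer", "Linux": "Computer",
              "HP Printer": "Printer", "Apple iPhone": "SmartDevice"}

def apply_fingerprint(ep, source, category, family, name):
    """Apply a new profile result and set the conflict flag per the two triggers."""
    if category == ep.category:
        # Category unchanged: refresh the profile, nothing to flag.
        ep.source, ep.family, ep.name = source, family, name
        return ep
    if source == ep.source:
        flagged = True  # trigger 1: same source, old and new category differ
    else:
        # Trigger 2: sources disagree; assume the dictionary arbitrates by name.
        flagged = DICTIONARY.get(name) != ep.category
    if flagged:
        ep.conflict = True
        # Assumption: the competing profile is what lands in the other_* fields.
        ep.other_category, ep.other_family, ep.other_name = category, family, name
    return ep

# Conflict rule first, as advised in the thread; the role name is a placeholder.
RULES = [
    (lambda ep: ep.conflict, "[RADIUS_CoA] [Aruba Terminate Session]"),
    (lambda ep: ep.category == "Computer", "computer-role (placeholder)"),
]

def enforce(ep, rules=RULES):
    """Return the action of the first matching rule (first-match is an assumption)."""
    for condition, action in rules:
        if condition(ep):
            return action
    return "no-match (placeholder)"
```

Under this model a change that stays inside one category (Windows to Linux, both Computer) never sets the flag, so a conflict rule alone does not cover that case, and a conflict rule placed below a category rule is never reached.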