Contributor I

Endpoint Profiler DHCP Fingerprint No Update at Re-Connect Wired MAC-auth

I am facing a strange issue in ClearPass 6.7.3.

When a wired endpoint connects the first time, the DHCP fingerprint works correctly, profiling profiles it as a computer, and a correct CoA session termination is done.

But when I remove the endpoint and reconnect the endpoint within 5 minutes, the DHCP fingerprint is not received and profiling doesn't happen.

I have been stumbling over this issue for two weeks now. Google, the Aruba documentation and other topics here don't give me the answer.

I hope that some CP experts here can help me solve this issue.

See attachment with screenshots and detailed information.

Guru Elite

Re: Endpoint Profiler DHCP Fingerprint No Update at Re-Connect Wired MAC-auth

Devices are not reprofiled within a 5 minute window.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I

Re: Endpoint Profiler DHCP Fingerprint No Update at Re-Connect Wired MAC-auth

Hi Cappalli,

Thanks for the quick and clear answer, appreciate your involvement on Airheads!

So... From a hacker's mind, it knows that printers mostly do not accept 802.1X. So I turn a printer off and on, it's profiled again as a printer (conflict will be true). I reconnect within 5 min with my MAC-spoofed notebook, and I am in your printer VLAN (without a conflict). Hopefully the printer VLAN is protected by the firewall ;)

Is there some good reason why DHCP profiling only takes place again after 5 minutes? It could maybe be a nice feature. I don't think it should take a lot more of CP's resources because it isn't normal behavior of a normal client.

Thanks for helping me out here!
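
A detection sketch for the concern raised in the post above, as an added example that is not part of the thread and not ClearPass code: it flags MAC-auth sessions that start inside the 5-minute no-reprofile window, so they can be reviewed. The event tuple layout, the event kinds and the `REPROFILE_WINDOW` name are assumptions; the sample events are constructed.

```python
from datetime import datetime, timedelta

# Assumption: the 5-minute figure is the one stated in the thread; the name is ours.
REPROFILE_WINDOW = timedelta(minutes=5)

# Constructed sample events (not real logs): time, MAC, switch port, event kind.
# "profiled"   = the profiler classified the endpoint from a DHCP fingerprint
# "auth_start" = a MAC-auth session started for that MAC
SAMPLE_EVENTS = [
    ("2018-09-01T10:00:00", "00:11:22:33:44:55", "sw1/gi0/7", "auth_start"),
    ("2018-09-01T10:00:04", "00:11:22:33:44:55", "sw1/gi0/7", "profiled"),
    ("2018-09-01T10:02:30", "00:11:22:33:44:55", "sw1/gi0/9", "auth_start"),
    ("2018-09-01T10:20:00", "00:11:22:33:44:55", "sw1/gi0/7", "auth_start"),
    ("2018-09-01T10:20:03", "00:11:22:33:44:55", "sw1/gi0/7", "profiled"),
    ("2018-09-01T10:21:00", "aa:bb:cc:dd:ee:01", "sw2/gi0/3", "auth_start"),
]


def unverified_reconnects(events, window=REPROFILE_WINDOW):
    """Return MAC-auth sessions that began inside the no-reprofile window.

    Such a session keeps the earlier profile without a fresh DHCP
    fingerprint, so the device behind the MAC has not been re-checked.
    """
    last_profiled = {}  # mac -> (time, port) of the most recent profiling
    findings = []
    for ts, mac, port, kind in sorted(events):
        when = datetime.fromisoformat(ts)
        mac = mac.lower()
        if kind == "profiled":
            last_profiled[mac] = (when, port)
        elif kind == "auth_start" and mac in last_profiled:
            seen_at, seen_port = last_profiled[mac]
            age = when - seen_at
            if age <= window:
                findings.append({
                    "mac": mac,
                    "port": port,
                    "seconds_since_profile": int(age.total_seconds()),
                    # A different port inside the window deserves a closer look.
                    "port_changed": port != seen_port,
                })
    return findings


if __name__ == "__main__":
    for finding in unverified_reconnects(SAMPLE_EVENTS):
        print(finding)
```
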
Contributor I

Re: Endpoint Profiler DHCP Fingerprint No Update at Re-Connect Wired MAC-auth

Guru Elite

Re: Endpoint Profiler DHCP Fingerprint No Update at Re-Connect Wired MAC-auth

Why would a headless network be more privileged than an end user?

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480