Security

Reply
MVP
Posts: 1,392
Registered: ‎11-30-2011

Endpoint database against MAC spoofing

before i start building it id check if someone knows this for sure. the problem with MAC authentication is MAC spoofing. does the Endpoint database help here? i mean what happens when i login with a two devices with the same MAC but with clearly different OSes (Linux / Win / Mac) do two different end points end up in the database, or does one overwrite the other?

Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: Endpoint database against MAC spoofing

Yes!!!  We create a conflict condition if say a HP Printer (originally profiled) starts showing up as a Debian Linux device.  We can catch this and flag it as a "conflict" and based on that state you can trigger a deny or CoA termination to the network.

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
MVP
Posts: 1,392
Registered: ‎11-30-2011

Re: Endpoint database against MAC spoofing

that sounds quite good, does that mean it stays one entry with an extra flag or do multiple MAC entries get created?

Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: Endpoint database against MAC spoofing

It uses one entry
Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Regular Contributor I
Posts: 159
Registered: ‎03-03-2011

Re: Endpoint database against MAC spoofing

So in the latest CPPM 6.2.3.57998, "conflict" has been removed. Is there an ETA when it will be re-added?

Regards,

Josh
___________
ACMP, ACCP
MVP
Posts: 1,392
Registered: ‎11-30-2011

Re: Endpoint database against MAC spoofing

hadnt even noticed, been working on getting mac spoof detection working for months now, no luck. personally im starting to feel it doesnt work (anymore) and there doesnt appear to be any interest in getting it to work.

 

of course it is nothing more then a nice gimmick, even if the functionality would work in clearpass there are too many ways to bypass it.

Aruba
Posts: 1,520
Registered: ‎06-12-2012

Re: Endpoint database against MAC spoofing

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Device-conflict/td-p/201891

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: