Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Endpoint profiling - force re-profile

This thread has been viewed 14 times

  • 1.  Endpoint profiling - force re-profile

    Posted Apr 05, 2016 05:51 PM

    I've been playing around with wired 802.1x w/ MAC authentication fallback - doing authorisation based on device fingerprint in the endpoint database.

     

    Is there any way to force the endpoint's profile information to be updated with every DHCP request that gets relayed to ClearPass? Looking at using this mechanism to stop MAC address spoofing...



  • 2.  RE: Endpoint profiling - force re-profile
    Best Answer

    EMPLOYEE
    Posted Apr 05, 2016 06:03 PM
    That already happens. If the endpoint category changes, the Conflict flag will be changed to true.

    Sent from Nine<>


  • 3.  RE: Endpoint profiling - force re-profile

    Posted Apr 05, 2016 06:05 PM

    Cool - are there any time constraints around this? Or caching?

     

    Is there any special config required or just pointing DHCP helpers to ClearPass?



  • 4.  RE: Endpoint profiling - force re-profile

    EMPLOYEE
    Posted Apr 05, 2016 06:07 PM
    No, just the DHCP helper address or span port.

    Sent from Nine<>