Security

Reply
Contributor I

Fingerprinting Windows on Clearpass

Hello!

I have a problem with mis-identification of devices connecting to our clear pass system. For example:

90-fb-a6-86-5e-ff
(SmartDevice / Windows / Windows 7 Phone)

is actually a computer. Most windows computers are being detected as smartdevices - on wired and wifi.

If I click on one in the endpoint respository the fingerprints they are mostly blank, but some are:

Endpoint Fingerprint Details
CDP Device Description:
SNMP Device Name: 90:fb:a6:e4:bf:4e
SNMP System Description:
SNMP Device Type: Unknown
LLDP System Description:
DHCP Option60: MSFT 5.0
DHCP Options: 53,61,50,54,12,81,60,55
DHCP Option55: 1,15,3,6,44,46,47,31,33,121,249,252,43
Whats the best pay to proceed. I have profling turned on the devices.

Contributor I

Re: Fingerprinting Windows on Clearpass

You can always open a case with support and submit a fingerprint with your description of what the device is. They will validate that and then add it to the weekly update that gets downloaded by the rest of the Clearpass customers. In newer versions you can change what the device is classified as and even create your own fingerprint. If you doing anything fancy you may want to do custom attributes instead of relying on the. I would guess it's not being classified wrong it's just was found that that was a smart device because that Mac address and especially Windows 10 and a windows phone are getting harder to differentiate between.
ACMX #252, ACCP, AWMP, CCNP Wireless & Security
Contributor I

Re: Fingerprinting Windows on Clearpass

Hi

Thanks for that. Is it a weekly update? I looked on my clearpass server and it says it updated those 44 days ago. It does not offer anything newer?
Contributor I

Re: Fingerprinting Windows on Clearpass

Do you have a valid subscription? Can cppm get out to the internet?
ACMX #252, ACCP, AWMP, CCNP Wireless & Security
Contributor I

Re: Fingerprinting Windows on Clearpass

Yes I  believe so, this is my update status:

 

AntiVirus & AntiSpyware Updates 1.48111 2017/09/14 22:00:04 Online 2017/09/14 22:22:05 Latest
Windows Hotfixes Updates 1.2134 2017/09/14 12:19:32 Online 2017/09/14 12:22:34 Latest
Endpoint Profile Fingerprints 2.533 2017/06/07 12:27:25 Online 2017/07/31 17:25:20 Updated 45 days ago
User-Agents Updates 1483988351 2017/01/09 18:59:11 Online 2017/07/31 17:25:21 Updated 45 days ago

 

is that incorrect do you know?

Re: Fingerprinting Windows on Clearpass

I see the same fingerprint version [Jun 7] in my ClearPass server, so what might be possible is that there were no (relevant) updates in the fingerprints, so the bi-weekly publishing was skipped.

 

If you find misclassified devices, please open an Aruba TAC case to get the fingerprints updated.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Contributor I

Re: Fingerprinting Windows on Clearpass

Yes, I thought it was quite out of date and then today there is an update!

 

I talked to our partner.  On the UWW controller we have, I had to enable dhcp relay - to forward on the DHCP information to clearpass.  It is working well now.  It wasn't really documentated in the Clearpass UWW guide, unless I missed it.

 

I guess the message is, if fingerprinting isn't working well, check your dhcp relay/helper.

 

Thanks for your time

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: