07-12-2016 01:31 PM
I am planning on replacing ACS with clearpass for TACACS+ services... All of my network switches are located behing a common management IP subnet. I would really like to be able to just discover all my network devices by IP range but ,we have a mixed vendor environment. Which means I need to be able to apply different command sets for each vendor. I know that is possible via device groups but it looks like I need to mannually add each device to ClearPass in order to group them into 2 buckets (vendor A & B).
Does any one know if it's possible to auto discover the vendor/device type when doing a discovery by IP range? Or is ther a way to get that information from the incoming TACACS requests? I checked access tracker during my testing but, I don't see any info on the device type for the incomming requests.
Any guidace is greatly appreciated!
07-12-2016 01:33 PM
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
07-13-2016 07:10 AM
Oh ok... I am not too familiar with the new features in 6.6 since my box is still running 6.5. Thanks for pointing me in the right direction. I see now from the release notes that it's based on SNMP scan of a seed device which is cool, and I am assuming the captured SNMP information is then converted into computed attributes for server filtering or enforcement policies...
Can you expand a bit on the seed network device? Does that mean I only need to discover 1 device from each type of vendor? or does that still mean I need to add everything in my network inventory and each unit is a seed for snmp info?
Only thing is that I am not sure about having "yet another snmp tool" scanning our environment. I will need to play with this feature more once I upgrade.