11-14-2014 02:56 AM
We're about to roll out a new family of switches which will use our clearpass cluster for both mac and 802.1x authentication. Our old way of supporting wired authentication is via freeradius and a whole batch of flat text files that tell FreeRadius which vlan to drop a client device into.
While I can set up an enforcement policy to assign a named vlan based upon endpoint database contents, as we can't locally add dhcp signatures (can we?) what are the procedures for submitting new dhcp fingerprints to Aruba and how long would it take to see a clearpsss endpoint profile update reflecting our updates?
11-14-2014 03:32 AM
11-14-2014 04:05 AM
I guess that's not going to be a quick process then. We seem to have a lot of strange Building Management or A/V devices that we'll need to categorise in some manner so that we can assign them to the appropriate VLAN. Would be a pain if we have to edit every individual client device
11-14-2014 04:08 AM
11-15-2014 12:20 AM
You can work with your local Clearpass SE or SE. Depending on how many devices that are not showing up profiled they might be able to get them submited and added to the next update.
The enpoint updates go out usually every two weeks unless there are a large amount that need to be pushed.
Tim is correct you will still need to submit a screen shot of the DHCP fingerprint that is at the bottom of the endpoint and what it should show up as in a TAC case so the items can be tracked and profiled correctly.
--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.
--Problem Solved? Click "Accepted Solution" in a post.
11-15-2014 12:55 AM
Just to go back to windows ls detection. Under what conditions does clearpass just return a device name of Windows?
At one point I had 10 out of 11k windows devices. Might be a coincidence but after turning on if-map this turned into 150 in a matter of mins. As I mentioned previously (different thread) out of the initial 10 we knew that most of them were either win 7 or win 8 machines