Security

Reply
Super Contributor I

clearpass endpoint profiler Device name= windows

I'm using the endpoint profiler in clearpass to detect Windows XP machines which are then dropped  into a quarantine vlan with a captive portal that says "Windows XP not supported...."

 

We did test this on a network team laptop and everything seemed to work .... and now it doesn't

 

What seems to have hapened is that for whatever reason, the endpoint profiler has decided to assign the XP machine a Device Name of Windows and not Windows XP. The other Windows device names are self explanatory but under what conditions does clearpass just define a device as "Windows" ?

 

What's also strange is that all the machines ( there are 10 of them out of 63000 ish ) are in our network team office and we know that a whole batch of them are Windows 7 machines. Can't be a coincidence...

 

What about embedded XP devices such as EPOS devices, do they come up as Windows XP or something else?

 

Rgds

A

Guru Elite

Re: clearpass endpoint profiler Device name= windows

Are you using Aruba controllers?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Super Contributor I

Re: clearpass endpoint profiler Device name= windows

Yes but we don't assign IP addresses from them. We have another system that provides 

DHCP services for both our wired and wireless networks.

 

I've set up an IP Helper address on all routing endpoints in our network to forward DHCP requests to clearpass. That way clearpass gets to see every device using our network  and I can see what device types clearpass thinks a client is.

 

A

 

 

Guru Elite

Re: clearpass endpoint profiler Device name= windows

Do you have IF-MAP configured between the controllers and ClearPass?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite

Re: clearpass endpoint profiler Device name= windows

If you enable IF-MAP, you can use a combination of the IF-MAP data and the Aruba-Device-Type from the RADIUS request as a way to tag Windows XP devices.

 

ifmap-xp.png

 

 

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Tip-Using-IF-MAP-fingerprints-to-identify-legacy-devices/m-p/156396/


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: