Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

profiling 802.1x

This thread has been viewed 3 times

  • 1.  profiling 802.1x

    Posted Dec 07, 2016 06:49 PM

    Hi,

     

     I'm trying 802.1X on an Aruba deployment but on the clearpass cannot get the device profiling like: Computer, Phone, windows, android, etc..

     

     I can get them when performing captive portal but not with 802.1X.

     

     Suggestions..



  • 2.  RE: profiling 802.1x

    EMPLOYEE
    Posted Dec 07, 2016 06:51 PM
    Do you have DHCP helper addresses pointed to ClearPass?


  • 3.  RE: profiling 802.1x

    Posted Dec 07, 2016 06:59 PM

    Where shoul I set that? I'm in an instant scenario.



  • 4.  RE: profiling 802.1x

    EMPLOYEE
    Posted Dec 07, 2016 07:03 PM
    Wherever the L3 gateway is for the client.


  • 5.  RE: profiling 802.1x

    Posted Dec 07, 2016 07:08 PM

    You mean, if my gateway is the firewall, should I set up that on the firewall?



  • 6.  RE: profiling 802.1x

    EMPLOYEE
    Posted Dec 07, 2016 07:12 PM
    Yes, wherever the default gateway for the client is.


  • 7.  RE: profiling 802.1x

    Posted Dec 07, 2016 09:11 PM

    Is Aruba Profling better than Greatbay Software Profiler?



  • 8.  RE: profiling 802.1x

    EMPLOYEE
    Posted Dec 08, 2016 01:46 PM

    Of course it is! Are you considering deploying ClearPass at Cisco?

    Be sure to reach out to your local Aruba team to get started.



  • 9.  RE: profiling 802.1x

    Posted Dec 09, 2016 11:47 AM

    Why do i need to set that when doing the 802.1x and not for the captive portal?



  • 10.  RE: profiling 802.1x

    EMPLOYEE
    Posted Dec 09, 2016 12:10 PM
    With 802.1x, profiling takes place after successful authentication, so the device needs to have been authenticated first, before being profiled.


  • 11.  RE: profiling 802.1x

    Posted Dec 09, 2016 01:02 PM

    When I log into the portal i get the device info in the access tracker without configure any helper address but with 802.1x the helper address is necessary. Why?



  • 12.  RE: profiling 802.1x

    EMPLOYEE
    Posted Dec 09, 2016 01:17 PM
    We use information in the DHCP discover packet to profile the device.


  • 13.  RE: profiling 802.1x

    EMPLOYEE
    Posted Dec 09, 2016 01:58 PM
    @ivanvera wrote:

    When I log into the portal i get the device info in the access tracker without configure any helper address but with 802.1x the helper address is necessary. Why?

    ClearPass can also profile devices via user-agent, when a user requests a captive portal page from ClearPass:

    Screenshot 2016-12-09 at 12.54.49.png

    http://www.arubanetworks.com/techdocs/ClearPass/Aruba_CPPMOnlineHelp/index.htm#CPPM_UserGuide/PolicyProfile/Profile_overview.htm