The new version 16.06 of ArubaOS-Switch has introduced many infrastructure, redundancy, and security related features. Among the list of features, Device Fingerprinting is a standout feature of ArubaOS-Switch version 16.06.
Device fingerprinting helps categorize the devices by analyzing the data sent by the end devices. When a specific device is fingerprinted, the details can be used to provide controlled network access and bandwidth for the end devices by ClearPass.
Administrators can create appropriate access and enforcement policies in ClearPass during authentication. For example, the devices which are fingerprinted or profiled as computers will be given access to a specific VLAN and the devices which are categorized as phones will be given access to another VLAN. Device fingerprinting can be enabled per-port.
The following are some of the benefits of implementing the Device Fingerprinting feature in ArubaOS-Switch running version 16.06.
1) Device fingerprinting solution supported on ArubaOS-Switch can be configured on ports where authentication is enabled or not.
2) This solution has an advantage over the competitors’ implementation, where the feature is supported only on authentication-enabled ports (since the fingerprinting data is sent over accounting packets).
3) Device fingerprinting solution supported in ArubaOS-Switches can parse multiple TLVs from LLDP and CDP protocols, and collates the information to be sent to ClearPass.
4) Device fingerprinting solution implemented in ArubaOS-Switches can parse protocols such as HTTP, LLDP and CDP sent by clients even if the static IP address is configured. These details can be sent to ClearPass server as input data for fingerprinting.
The attached document provides in-depth details about Device Fingerprinting configurations and limitations. Please take a look at the attached document and let us know what you think.
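To illustrate item 3 above, here is an added Python example (not part of the original post and not the switch's own code) that parses LLDP TLVs in the IEEE 802.1AB wire format, rejects malformed lengths, and collates the profiling-relevant fields into one record. The function names, record keys and the sample frame are assumptions made for this example.

```python
import struct

# LLDP TLV type codes (IEEE 802.1AB) that carry text useful for profiling.
TEXT_TLVS = {4: "port_description", 5: "system_name", 6: "system_description"}

def build_tlv(tlv_type, value):
    """Encode one TLV: 7-bit type and 9-bit length packed into a 2-byte header."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def parse_lldpdu(data):
    """Yield (type, value) pairs; raise ValueError on a truncated or overlong TLV."""
    offset = 0
    while offset < len(data):
        if offset + 2 > len(data):
            raise ValueError("truncated TLV header")
        (header,) = struct.unpack_from("!H", data, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(data):
            raise ValueError("TLV length exceeds frame")
        if tlv_type == 0:  # End of LLDPDU
            return
        yield tlv_type, data[offset:offset + length]
        offset += length

def collate(data):
    """Collect the text TLVs and capabilities into one record for a profiler."""
    record = {}
    for tlv_type, value in parse_lldpdu(data):
        name = TEXT_TLVS.get(tlv_type)
        if name:
            record[name] = value.decode("utf-8", errors="replace")
        elif tlv_type == 7 and len(value) == 4:  # System Capabilities
            _supported, enabled = struct.unpack("!HH", value)
            record["is_telephone"] = bool(enabled & 0x20)  # bit 5 = Telephone
    return record

# Constructed sample LLDPDU for an imaginary desk phone (not captured traffic).
SAMPLE = b"".join([
    build_tlv(1, b"\x04\x00\x11\x22\x33\x44\x55"),  # Chassis ID, subtype MAC
    build_tlv(2, b"\x05port1"),                      # Port ID, subtype ifName
    build_tlv(3, b"\x00\x78"),                       # TTL: 120 seconds
    build_tlv(5, b"example-phone"),
    build_tlv(6, b"Example IP Phone, firmware 1.0"),
    build_tlv(7, b"\x00\x24\x00\x20"),               # bridge+phone, phone enabled
    build_tlv(0, b""),
])
```

LLDP fields are supplied by the endpoint itself, so a record like this is a profiling hint for policy decisions rather than proof of device identity.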
Any recommendation between using this or regular DHCP and port scanning that is built into ClearPass?
I like to configure both, if possible. This grabs DHCP, HTTP, LLDP, and CDP. ClearPass will grab DHCP and HTTP but only if an HTTP(S) connection is attempted to it. Or, IF-MAP is configured on the controller.