Wired

last person joined: 21 hours ago 

Expand all | Collapse all

Device not profiled, even if DHCP packet is receive by clearpass

This thread has been viewed 13 times
  • 1.  Device not profiled, even if DHCP packet is receive by clearpass

    Posted Aug 30, 2021 10:35 AM
    Hello all,
    I try to understand why ma device are not profiled, I have the license, the server (2 of them in a cluster config) are receiving the dhcp request from the router.
    The device I test is a cisco AP, and I can see it under the dhcp query.

    But the endpoint repository is never iupdated with this information, so my MAB controle is never apply correctly, since the device is unknown with no fingerprint on it.

    How can I troubleshoot to understand what is wrong ? (switch, or clearpass)

    I'm running the version 6.7.12, and when a device is not profiled, it goes to a quarantine vlan, who assign it an IP address, and forward the DHCP to clear pass.


    Thanks for any help

    ------------------------------
    arno streuli
    ------------------------------


  • 2.  RE: Device not profiled, even if DHCP packet is receive by clearpass

    Posted Aug 31, 2021 04:14 AM
    In my experience, if profiled stays on 'No', and DHCP information is not updated in the endpoint, the DHCP requests are not reaching ClearPass.

    Unsure how you concluded that ClearPass is receiving the DHCP, but to be sure create a packet capture with the 'Collect Logs' option under the server manager and include the packet capture. My assumption is that you don't see the DHCP requests there, with the ClearPass IP as the destination.

    If you do see the DHCP requests, and still don't see devices being profiles, open a TAC case as that is highly unusual (i.e. have not seen that before).

    While probably unrelated to your issue, please be advised that ClearPass 6.7.x is no longer supported, so consider upgrading as well.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Device not profiled, even if DHCP packet is receive by clearpass

    Posted Aug 31, 2021 04:22 AM
    Hello,
    Thanks to take the time to answer.

    Yes the DHCP packet is reaching Clearpass, I did a packet trace and I can see it.

    Where is this filed: if profiled stays on 'No'

    I'm planning to upgrade to 6.10 ASAP, but still I need to understand why this is happening, it was working but not anymore, and I can't find out why!

    ------------------------------
    arno streuli
    ------------------------------