Security

 View Only
last person joined: 22 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass API Modify Device Categorization

This thread has been viewed 22 times

  • 1.  Clearpass API Modify Device Categorization

    Posted Nov 29, 2021 03:33 PM
    We leverage the Clearpass API to modify device categorization and recently is seems to have stopped working. We post JSON to https://<CPPM-FQDN>/async_netd/deviceprofiler/endpoints and the JSON content is as follows:

    {"mac": "001122334455", "device": {"category": "SmartDevice", "family": "Android", "name": "Android"}}​


    Printing debug output of the UA POST returns a 200, so I don't get any errors on the client side but the endpoint categorization does not change. We're running Clearpass 6.10.2 - has anyone else seen this or can replicate the problem?



  • 2.  RE: Clearpass API Modify Device Categorization

    Posted Nov 29, 2021 04:08 PM
    Follow-up: testing with a simple cURL command also returns a 200 (ok) but no update to the endpoint - classification remains static.

    # curl --user user:pass -X POST https://<CPPM-FQDN>/async_netd/deviceprofiler/endpoints -H "Content-Type: application/json" \ 
-d '{"mac": "001122334455", "device": {"category": "SmartDevice", "family": "Android", "name": "Google"}}'        

<html>
 <head>
  <title>200 OK</title>
 </head>
 <body>
  <h1>200 OK</h1>
  <br /><br />
 </body>

    Original Message


  • 3.  RE: Clearpass API Modify Device Categorization

    EMPLOYEE
    Posted Nov 30, 2021 03:58 AM
    As far as I know, there is no (official) API that allows setting profiler data. The XML API Guide even spells out that it is not supported.

    I found this post where someone claims that it works nevertheless; syntax looks pretty much the same as what you have, and behavior 200 OK but no change also is reflected in that post.

    You could try to open a TAC case, but it may be that they tell you that setting profiling data through API is unsupported.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message


  • 4.  RE: Clearpass API Modify Device Categorization

    Posted Nov 30, 2021 07:07 AM
    Interesting - we've been leveraging this API for many years and only recently it stopped working.

    I opened a ticket with TAC. 



    Original Message


  • 5.  RE: Clearpass API Modify Device Categorization

    Posted Dec 02, 2021 10:20 AM

    The API functionality started working again the following morning with no intervention on my part.

     

    We were seeing some odd performance issues with our Clearpass instance, so I'm wondering if I encountered some database locks or other problem preventing the data from being written to the database.

     

    Nonetheless the syntax is valid and successfully updates the device categorization as intended.

     




    Original Message


  • 6.  RE: Clearpass API Modify Device Categorization

    MVP GURU
    Posted Dec 07, 2021 08:37 AM
    With CPPM 6.9, we can add device on FingerPrint engine

    it is possible my Module PowerArubaCP -> https://github.com/PowerAruba/PowerArubaCP#device-fingerprint (using api/device-profiler/device-fingerprint uri)

    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCL: Powershell Module to use Aruba Central

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------

    Original Message


  • 7.  RE: Clearpass API Modify Device Categorization

    Posted Dec 08, 2021 01:48 PM
    The use of IoT devices on wired and wireless networks isshifting IT's focus. Many organizations secure their wirelessnetworks and devices, but may have neglected the wiredports in conference rooms, behind IP phones and in printerareas. Wired devices – like sensors, security cameras andmedical devices – force IT to think about securing the millionsof wired ports that could be wide open to security threats.Because these devices may lack security attributes andrequire access from external administrative resources, appsor service providers, wired access now poses new risks.

    ------------------------------
    Melany Russel
    ------------------------------
    -------------------------------------------
    upsers portal

    Original Message:
    Sent: Nov 29, 2021 03:32 PM
    From: Tobias Heaton
    Subject: Clearpass API Modify Device Categorization

    We leverage the Clearpass API to modify device categorization and recently is seems to have stopped working. We post JSON to https://<CPPM-FQDN>/async_netd/deviceprofiler/endpoints and the JSON content is as follows:

    {"mac": "001122334455", "device": {"category": "SmartDevice", "family": "Android", "name": "Android"}}​


    Printing debug output of the UA POST returns a 200, so I don't get any errors on the client side but the endpoint categorization does not change. We're running Clearpass 6.10.2 - has anyone else seen this or can replicate the problem?