There are several ways to profile devices with a static IP. The most efficient way is using the ARP data. That way only real, connected devices are being probed. The other ways, network and subnet scans, are much less efficient as they scan the whole subnet. If you have a class B subnet, for example, it is not feasible to do a subnet scan over 65,534 addresses. For class C a scan takes about an hour.
ClearPass supports using SNMP to ask a NAD for the ARP table. You need to define the Layer 3 device which knows about the required client addresses as a NAD device to ClearPass.
However, there are network devices which do not support sending the ARP table via SNMP. For example: Palo Alto and Check Point firewall devices.
My cool workaround for this challenge: Use a Windows (or Linux) computer as an ARP proxy:
For example, this is what I did:
Note that if the SNMP client (service) is not installed on the Windows computer, you need to add it to the Windows client (add a Windows feature). You also need to edit the SNMP service and add the SNMP community in the Security tab.
(Sagi - email@example.com)
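An added example, not part of the original post and not ClearPass code: a way to check that the ARP proxy host actually exposes its ARP cache over SNMP, by parsing net-snmp `snmpwalk -On` output of the MIB-II `ipNetToMediaPhysAddress` column. The sample output and addresses are constructed, and treating this column as the one ClearPass polls is an assumption.

```python
import ipaddress
import re

# MIB-II ipNetToMediaPhysAddress: index is <ifIndex>.<IPv4>, value is the MAC.
# Assumption: this is the ARP column the NAD (here the proxy host) must answer.
ARP_COLUMN = ".1.3.6.1.2.1.4.22.1.2."
LINE_RE = re.compile(
    r"^" + re.escape(ARP_COLUMN)
    + r"(\d+)\.(\d+\.\d+\.\d+\.\d+) = Hex-STRING: ((?:[0-9A-Fa-f]{2} ?){6})\s*$"
)

# Constructed sample, shaped like the output of:
#   snmpwalk -v2c -c <community> -On <proxy-host> 1.3.6.1.2.1.4.22.1.2
SAMPLE_WALK = """\
.1.3.6.1.2.1.4.22.1.2.12.10.20.30.1 = Hex-STRING: 00 1B 17 00 01 30
.1.3.6.1.2.1.4.22.1.2.12.10.20.30.57 = Hex-STRING: 3C 52 82 AA 10 07
.1.3.6.1.2.1.4.22.1.2.12.10.20.30.255 = Hex-STRING: FF FF FF FF FF FF
.1.3.6.1.2.1.4.22.1.2.12.224.0.0.22 = Hex-STRING: 01 00 5E 00 00 16
.1.3.6.1.2.1.4.22.1.2.12.10.20.30.99 = Hex-STRING: 00 00 00 00 00 00
"""


def parse_arp_walk(text):
    """Return [(ifindex, ip, mac)] for unicast ARP entries.

    Broadcast/multicast MACs, multicast IPs and all-zero (incomplete)
    entries are dropped, since they are not endpoints worth profiling.
    """
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an ARP row, or value not a 6-byte Hex-STRING
        try:
            ip = ipaddress.IPv4Address(m.group(2))
        except ValueError:
            continue  # malformed index such as an octet above 255
        octets = bytes.fromhex(m.group(3).replace(" ", ""))
        if ip.is_multicast or octets[0] & 0x01 or not any(octets):
            continue
        mac = ":".join(f"{b:02x}" for b in octets)
        entries.append((int(m.group(1)), str(ip), mac))
    return entries


if __name__ == "__main__":
    for ifindex, ip, mac in parse_arp_walk(SAMPLE_WALK):
        print(f"if{ifindex}  {ip:<15} {mac}")
```

An empty result from a live walk means the SNMP service is not answering for that community or source address, so the proxy would give ClearPass nothing to profile.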
Can you provide the information on how you do the ARP read from Palo Alto?
Thanks for your help.