Security

last person joined: 7 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

CPPM Profiling

This thread has been viewed 30 times
  • 1.  CPPM Profiling

    Posted 25 days ago
    Hello,

    I'm working with active and passive profiling, I'm managing a project where we need to pickup information about all devices connected to the NADs where we're going to implant CPPM Policies. I don't have any problem about the services, I've a service recollecting information and profiling devices but I've to make this job in many switches and I'd like to filter these output by NAD, in other words, in the CPPM's Endpoint section I'd like to filter by switch to check quickly the ports about CPPM has been able to recollect information.

    Is there any way to make that? I've not fount any way to make a filter by NAD, the only thing that I've seen is the chance of make a filter by "location", I understand if I would send the location in the Radius requests of my NADs, this field could help me to filter the Endpoints, buy I think that there have to be any other form to make that.

    Thank you very much.


  • 2.  RE: CPPM Profiling

    Posted 25 days ago

    Hi Adan,

    for a very similar reason I use the following solution (Update Endpoint Profile):

    Profile -> Endpoint Last Known Location = %{Connection:NAD-IP-Address} %{Radius:IETF:NAS-Port}

    From now on, you can search your endpoint db via "Attribute" "Last Known Location".




  • 3.  RE: CPPM Profiling

    Posted 25 days ago
    Hi,
    You could cfeate an attribute when authenticating the device and assign the NAD IP address to it. That way in the endpoint  search facility 

    you could search for your attriburte and the ip address of the device it came from

    Rgds
    Alex

    ------------------------------
    Alex Sharaz
    ------------------------------