Security

Hi Experts!!

I have a question. I have IP cameras with static IP addresses so I want to authenticate them with MAC Authentication + Profiling.
How can I configure ClearPass to do an SNMP or NMAP scan to that device (IP camera) at the moment in which it tries to connect to the network?

Kindly:
Carlos Villanueva


------------------------------
Carlos Villanueva
------------------------------

I haven't played with that in a while but I believe what you are looking for is using the "OnDemand Endpoint Scan" context server action.

https://www.arubanetworks.com/techdocs/ClearPass/6.9/PolicyManager/Content/CPPM_UserGuide/Enforce/EPHTTP_Based.htm

You will have to pack that in your enforcement policy to trigger after a successful authentication. I believe the most reliable approach is to use a "Session-Notify" enforcement profile to trigger the action as it will wait for an IP address to be updated in the database and then trigger action (Framed-IP-Address). You will need accounting enabled for that to work I believe (well should be on by default anyways).

https://www.arubanetworks.com/techdocs/ClearPass/6.9/PolicyManager/Content/CPPM_UserGuide/Enforce/EPSession_Notifications.htm

------------------------------
I work for Aruba. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------

Original Message:
Sent: Mar 13, 2021 01:06 AM
From: Carlos Villanueva
Subject: ClearPass On-demand Static endpoint profiling

Hi Experts!!

I have a question. I have IP cameras with static IP addresses so I want to authenticate them with MAC Authentication + Profiling.
How can I configure ClearPass to do an SNMP or NMAP scan to that device (IP camera) at the moment in which it tries to connect to the network?

Kindly:
Carlos Villanueva

------------------------------
Carlos Villanueva
------------------------------

That sounds interesting, but unfortunately I'm failing at the implementation so far. Can you describe in more detail what type of enforcement profiles with which attributes and values ​​you use to trigger the Endpoint Scan? How do you select the correct HTTP Context Server Action? Which one is it?

Thanks, Andreas

Original Message:
Sent: Mar 13, 2021 01:06 AM
From: Carlos Villanueva
Subject: ClearPass On-demand Static endpoint profiling

Hi Experts!!

I have a question. I have IP cameras with static IP addresses so I want to authenticate them with MAC Authentication + Profiling.
How can I configure ClearPass to do an SNMP or NMAP scan to that device (IP camera) at the moment in which it tries to connect to the network?

Kindly:
Carlos Villanueva

------------------------------
Carlos Villanueva
------------------------------

You should consider an external profiling utility instead.  Like Aruba Central Device Insights or Ordr.

Original Message:
Sent: Mar 13, 2021 01:06 AM
From: Carlos Villanueva
Subject: ClearPass On-demand Static endpoint profiling

Hi Experts!!

I have a question. I have IP cameras with static IP addresses so I want to authenticate them with MAC Authentication + Profiling.
How can I configure ClearPass to do an SNMP or NMAP scan to that device (IP camera) at the moment in which it tries to connect to the network?

Kindly:
Carlos Villanueva

------------------------------
Carlos Villanueva
------------------------------