Hi Andreas.
P.S. The automatic endpoint profiling in the ClearPass service is not usable for me, as this can obviously only trigger RADIUS CoA actions, but not nmap scans. And RADIUS CoA port bounce actions are only possible there if you have exactly one switch vendor type. In reality, however, there is more than one switch vendor type - sometimes side by side ;)
Usually you use separate services for each switch vendor. Group switches by vendor and use NAS-IP-Address BELONGS_TO_GROUP <switch vendor group>.
You can also use NAS-Identifier if the switch supports setting it.
Best, Gorazd
------------------------------
Gorazd Kikelj
MVP Guru 2024
------------------------------
Original Message:
Sent: Nov 17, 2024 04:52 PM
From: elchy
Subject: ClearPass OnDemand Nmap Scan for Endpoint Profiling
Hello,
I would like to use ClearPass on-demand nmap scans to more accurately classify previously unclassified endpoints with static IPs (no DHCP). For this purpose, the generic HTTP context server has an action called "OnDemand Endpoint Scan" with the description "Perform on-demand asynchronous scan for selected endpoint and post the result to profiler".
I have created an HTTP-based enforcement profile with the attributes 'Target server = localhost' and 'Action = OnDemand Endpoint Scan' and added it to my Mac-Auth policy. Unfortunately, no scan seems to take place even though the according policy rule is hit.
Is there a more detailed description of this feature somewhere, e.g. what settings are required elsewhere? Has anyone already implemented this successfully and can perhaps post some screenshots of the relevant settings?
Many thanks in advance!
P.S. The automatic endpoint profiling in the ClearPass service is not usable for me, as this can obviously only trigger RADIUS CoA actions, but not nmap scans. And RADIUS CoA port bounce actions are only possible there if you have exactly one switch vendor type. In reality, however, there is more than one switch vendor type - sometimes side by side ;)
-Andreas