Security

 View Only
last person joined: yesterday 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Clearpass scan network, found Cisco switch as an "endpoint"

This thread has been viewed 18 times
  • 1.  Clearpass scan network, found Cisco switch as an "endpoint"

    Posted Dec 06, 2022 06:15 AM
    Hi,

    I wanted to know if anyone used "network scann" in ClearPass?
    ClearPass scanned the network and it found a Cisco switch. But for some reason ClearPass placed it as an "endpoint" and not as a "discovered device".
    And for the fact that he discovered it as an "endpoint", I cannot add it as a network device.
    Why did it happen? And how can it be solved?
    Clearpass version - 6.10.


  • 2.  RE: Clearpass scan network, found Cisco switch as an "endpoint"

    Posted Dec 06, 2022 08:52 AM
    Is the switch a managed switch?  Something else?  How is it cabled into the network?  Is this a switch you actually own and control?

    I never recommend using the automated device discovery tools for this very reason.  Also IMHO when implementing a NAC solution, knowing the layout of your access layer is just as important from a security prospective as the endpoint authentication/authorization.


  • 3.  RE: Clearpass scan network, found Cisco switch as an "endpoint"

    Posted Dec 06, 2022 11:41 AM

    thank you for your reply.

    Yes, it's the managed switch. It's connect to L3 device, the it's L3 device connect to NAC directly. And it's my own switch, which is controlled by me. 

    Why is the Clearpass discovered switch as a endpoint?  




  • 4.  RE: Clearpass scan network, found Cisco switch as an "endpoint"

    EMPLOYEE
    Posted Dec 07, 2022 05:20 AM
    Did you follow Monitoring Discovered Devices to add those as Network Devices?

    Also, if you use Network Scan, it uses SNMP to 'seed devices' and from there tries to find neighbors and add those as well.
    Subnet scan will scan a full subnet; and I think all devices that responded are added to the endpoints as well.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 5.  RE: Clearpass scan network, found Cisco switch as an "endpoint"

    Posted Dec 07, 2022 05:38 AM

    thank you for your reply.

    In my Monitoring Discovered Devices, It show nothing. 


    Clearpass found the switches as a Endpoint:

    And now I can't add this device, because it's found as endpoint, not devices. 

    How could I scan network to find switch as a device?




  • 6.  RE: Clearpass scan network, found Cisco switch as an "endpoint"

    EMPLOYEE
    Posted Dec 08, 2022 05:42 AM
    Network Devices can be perfectly also available as Endpoint; these databases are completely independent and have different purposes.

    If you don't see the devices under discovered devices, they probably did not respond correctly to the SNMP queries, or they don't share neighbor information (LLDP/CDP). You can always manually add your switches to the Network devices, and if they share the same RADIUS/TACACS secrets you can even add them as subnet (example: 10.254.0.0/24). The discovery is typically only used in very large networks and for the first time installation to speed up populating your Network Devices.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------