Security

Hi,

I wanted to know if anyone used "network scann" in ClearPass?
ClearPass scanned the network and it found a Cisco switch. But for some reason ClearPass placed it as an "endpoint" and not as a "discovered device".
And for the fact that he discovered it as an "endpoint", I cannot add it as a network device.
Why did it happen? And how can it be solved?
Clearpass version - 6.10.

Is the switch a managed switch?  Something else?  How is it cabled into the network?  Is this a switch you actually own and control?

I never recommend using the automated device discovery tools for this very reason.  Also IMHO when implementing a NAC solution, knowing the layout of your access layer is just as important from a security prospective as the endpoint authentication/authorization.
Original Message:
Sent: Dec 06, 2022 06:14 AM
From: Almas Serikbayev
Subject: Clearpass scan network, found Cisco switch as an "endpoint"

Hi,

I wanted to know if anyone used "network scann" in ClearPass?
ClearPass scanned the network and it found a Cisco switch. But for some reason ClearPass placed it as an "endpoint" and not as a "discovered device".
And for the fact that he discovered it as an "endpoint", I cannot add it as a network device.
Why did it happen? And how can it be solved?
Clearpass version - 6.10.

thank you for your reply.

Yes, it's the managed switch. It's connect to L3 device, the it's L3 device connect to NAC directly. And it's my own switch, which is controlled by me. 

Why is the Clearpass discovered switch as a endpoint?  

Original Message:
Sent: Dec 06, 2022 08:51 AM
From: Unknown User
Subject: Clearpass scan network, found Cisco switch as an "endpoint"

Is the switch a managed switch?  Something else?  How is it cabled into the network?  Is this a switch you actually own and control?

I never recommend using the automated device discovery tools for this very reason.  Also IMHO when implementing a NAC solution, knowing the layout of your access layer is just as important from a security prospective as the endpoint authentication/authorization.
Original Message:
Sent: Dec 06, 2022 06:14 AM
From: Almas Serikbayev
Subject: Clearpass scan network, found Cisco switch as an "endpoint"

Hi,

I wanted to know if anyone used "network scann" in ClearPass?
ClearPass scanned the network and it found a Cisco switch. But for some reason ClearPass placed it as an "endpoint" and not as a "discovered device".
And for the fact that he discovered it as an "endpoint", I cannot add it as a network device.
Why did it happen? And how can it be solved?
Clearpass version - 6.10.

Did you follow Monitoring Discovered Devices to add those as Network Devices?

Also, if you use Network Scan, it uses SNMP to 'seed devices' and from there tries to find neighbors and add those as well.
Subnet scan will scan a full subnet; and I think all devices that responded are added to the endpoints as well.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Dec 06, 2022 06:14 AM
From: Almas Serikbayev
Subject: Clearpass scan network, found Cisco switch as an "endpoint"

Hi,

I wanted to know if anyone used "network scann" in ClearPass?
ClearPass scanned the network and it found a Cisco switch. But for some reason ClearPass placed it as an "endpoint" and not as a "discovered device".
And for the fact that he discovered it as an "endpoint", I cannot add it as a network device.
Why did it happen? And how can it be solved?
Clearpass version - 6.10.

thank you for your reply.

In my Monitoring Discovered Devices, It show nothing. 

Clearpass found the switches as a Endpoint:

And now I can't add this device, because it's found as endpoint, not devices. 

How could I scan network to find switch as a device?

Original Message:
Sent: Dec 07, 2022 05:20 AM
From: Herman Robers
Subject: Clearpass scan network, found Cisco switch as an "endpoint"

Did you follow Monitoring Discovered Devices to add those as Network Devices?

Also, if you use Network Scan, it uses SNMP to 'seed devices' and from there tries to find neighbors and add those as well.
Subnet scan will scan a full subnet; and I think all devices that responded are added to the endpoints as well.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Dec 06, 2022 06:14 AM
From: Almas Serikbayev
Subject: Clearpass scan network, found Cisco switch as an "endpoint"

Hi,

I wanted to know if anyone used "network scann" in ClearPass?
ClearPass scanned the network and it found a Cisco switch. But for some reason ClearPass placed it as an "endpoint" and not as a "discovered device".
And for the fact that he discovered it as an "endpoint", I cannot add it as a network device.
Why did it happen? And how can it be solved?
Clearpass version - 6.10.

Network Devices can be perfectly also available as Endpoint; these databases are completely independent and have different purposes.

If you don't see the devices under discovered devices, they probably did not respond correctly to the SNMP queries, or they don't share neighbor information (LLDP/CDP). You can always manually add your switches to the Network devices, and if they share the same RADIUS/TACACS secrets you can even add them as subnet (example: 10.254.0.0/24). The discovery is typically only used in very large networks and for the first time installation to speed up populating your Network Devices.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Dec 07, 2022 05:37 AM
From: Almas Serikbayev
Subject: Clearpass scan network, found Cisco switch as an "endpoint"

thank you for your reply.

In my Monitoring Discovered Devices, It show nothing. 

Clearpass found the switches as a Endpoint:

And now I can't add this device, because it's found as endpoint, not devices. 

How could I scan network to find switch as a device?

Original Message:
Sent: Dec 07, 2022 05:20 AM
From: Herman Robers
Subject: Clearpass scan network, found Cisco switch as an "endpoint"

Did you follow Monitoring Discovered Devices to add those as Network Devices?

Also, if you use Network Scan, it uses SNMP to 'seed devices' and from there tries to find neighbors and add those as well.
Subnet scan will scan a full subnet; and I think all devices that responded are added to the endpoints as well.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Dec 06, 2022 06:14 AM
From: Almas Serikbayev
Subject: Clearpass scan network, found Cisco switch as an "endpoint"

Hi,

I wanted to know if anyone used "network scann" in ClearPass?
ClearPass scanned the network and it found a Cisco switch. But for some reason ClearPass placed it as an "endpoint" and not as a "discovered device".
And for the fact that he discovered it as an "endpoint", I cannot add it as a network device.
Why did it happen? And how can it be solved?
Clearpass version - 6.10.