I'm pleased to see that someone else is struggling with the same problem I seem to be having.
My environment is Clearpass 6.7. I am doing 'allow-all' MAC auth so I can allow everyone on to a Quarantine VLAN, then classify the IoT devices. Users who end up in Quarantine can self-register on a portal.
When my IP camera comes onto the network, I see this in Endpoint Repository (click to enlarge):
Unclassified device (an IP camera) appears in endpoint repository
I can see that the device has been fingerprinted. As you can see below, the fingerprint shows Option 60 as being 'udhcp'.
Fingerprint
So I go back to the first tab and classify the device. I have previously created the Category, OS Family and Name - the values shown don't come in Clearpass by default. As you can see, the IP address hasn't been picked up. This is odd because the DHCP fingerprint was taken successfully, so not sure why this should be:
Classifying the device
In Access Tracker, I can see that the device is classified OK:
Access-tracker (Camera)
I then disconnect the IP camera, and use its MAC address on a Windows 7 PC. The Windows 7 PC goes into the IOT VLAN, which is not what I wanted to happen - it should get Quarantined due to a profile conflict. As you can see below, the category seems to have stayed the same, but the hostname of the PC has been picked up:
Endpoint - PC doing MAC spoofing
And in the fingerprint tab we can see that the DHCP client was a Microsoft one. Still it shows as a Foscam camera:
Windows fingerprint
As you can see, in access-tracker it is showing that there has been no profile 'conflict'. As I understand it a conflict occurs when a device changes OS or category between authentications. This is probably due to the fact that the category did indeed not change - Clearpass still thinks this is a camera, despite the new DHCP fingerprint:
No conflict reported
My enforcement policy looks like this. I am hoping that a conflict happens when the PC is profiled and discovered to be different to the Camera it is trying to masquerade as. But conflict always equals 'false' rule 4 below is not triggered.
Enforcement rules
It feels to me like fingerprinting is happening, but policy manager is not doing something right, so my policy is not working out the way I want.
Any suggestions would be most welcome!
Andrew