Security

 View Only

  • 1.  Endpoint profiling - force re-profile

    Posted Apr 05, 2016 05:51 PM

    I've been playing around with wired 802.1x w/ MAC authentication fallback - doing authorisation based on device fingerprint in the endpoint database.

     

    Is there any way to force the endpoint's profile information to be updated with every DHCP request that gets relayed to ClearPass? Looking at using this mechanism to stop MAC address spoofing...



  • 2.  RE: Endpoint profiling - force re-profile
    Best Answer

    Posted Apr 05, 2016 06:03 PM
    That already happens. If the endpoint category changes, the Conflict flag will be changed to true.

    Sent from Nine<>


  • 3.  RE: Endpoint profiling - force re-profile

    Posted Apr 05, 2016 06:05 PM

    Cool - are there any time constraints around this? Or caching?

     

    Is there any special config required or just pointing DHCP helpers to ClearPass?



  • 4.  RE: Endpoint profiling - force re-profile

    Posted Apr 05, 2016 06:07 PM
    No, just the DHCP helper address or span port.

    Sent from Nine<>


Related Content