No we do not, this is a RADIUS Identity only service validating user authentications where ClearPass is acting as the RADIUS server for an ASA device. However, the source IP information is being captured under the following areas, but is not available for reporting apparently:
Summary: End-Host Identifier
Input: RADIUS:IETF:Calling-Station-Id
Radius:IETF:Tunnel-Client-Endpoint
We are on a C2000V virtual machine running version 6.11.7.257550 in a 2 node publisher/subscriber configuration. Insight is on the subscriber as the majority of authentication requests are sent to the VIP which is usually the publisher. There are no DHCP requests as the ASA assigns IPs to the client systems via the Any-Connect client communications. Do we need to enable the Accounting proxy on this service instead?
Alan Mercer
Technical Systems Architect
Catholic Charities
Information Technology
2300B Dulaney Valley Rd.
Timonium, Md. 21093
667-600-2270
amercer@cc-md.org
Find on Google Maps
I am now in a part-time role with Catholic Charities working approximately 2.5 days per week. As a result, responses to emails and phone calls may not be returned immediately. New support requests and urgent issues should be sent to the help desk at support@cc-md.org or calling (1-844-323-5477) .
Original Message:
Sent: 3/7/2024 3:18:00 PM
From: AZ245
Subject: RE: Insight Reports to get all endpoint information exported in csv
Thanks Alan for sharing your input on this topic.
Curious, do you have 'profiling" enabled on your Service in clearpass that serves those vpn connections?
Best of luck on that feature enhancement, that will be huge if they can fix that.
Original Message:
Sent: Mar 07, 2024 01:45 PM
From: Alan Mercer 2
Subject: Insight Reports to get all endpoint information exported in csv
Unfortunately, we are in a similar situation with RADIUS authentication of users through a VPN device. In Policy Manager we can see the Source IP address as End-Host Identifier, RADIUS:IETF:Calling-Station-Id, and RADIUS: IETF:Tunnel-Client-Endpoint. I understand not getting a MAC address in the reports on this as we are authenticating a user, not a device, but the IP address is recorded in ClearPass but does not appear to populate Insight correctly or Insight does not return the information regardless of which IP address option we choose to report on. This appears to be a bug or serious product deficiency. I have opened a support ticket with Aruba, wish me luck.
Original Message:
Sent: Mar 06, 2024 04:24 PM
From: AZ245
Subject: Insight Reports to get all endpoint information exported in csv
Zak,
We are passed that point. Already generated and surprisingly, Device Family, Device OS, and all information known to our endpoint database, insight shows as Unknown to all those fields.
that report doesnt get "Framed IP address" even though option exists in the report to pull those fields, they return as empty columns
Original Message:
Sent: Mar 06, 2024 04:08 PM
From: 802.zak
Subject: Insight Reports to get all endpoint information exported in csv
I may actually suggest, before writing a customer report, using the Standard Report Configuration dialogue.
This gives you the option to Create the "Endpoint Overview" report, and include the Raw CSV.
Note the "include raw data in output" option
Then you can add the the appropriate attributes/columns in the next setup dialogue:
------------------------------
If my post was useful, please Accept Solution and Give Kudos.
------------------------------
Zak Chalupka
Principal Engineer - HPE Aruba
ACDX | ACMP | ACSP | ACCP
wifizak@hpe.com
------------------------------
Ideas expressed here are solely my own and not necessarily that of HPE Aruba.
Original Message:
Sent: Mar 06, 2024 04:01 PM
From: AZ245
Subject: Insight Reports to get all endpoint information exported in csv
Zak,
Thank you for your response.
Is there a template available for custom reports? What report type does it take? XML or CSV? Is there a certain format that custom report expects in order to fetch the attributes from endpoint database that we are interested in?
Thanks
Z
Original Message:
Sent: Mar 06, 2024 03:40 PM
From: 802.zak
Subject: Insight Reports to get all endpoint information exported in csv
In Device Insight, if you build a custom report, you can add additional Endpoint attributes to the Raw Data (CSV) Export. Those attributes will include Device Family/Category.
[Include raw data in output]
Also, check your Database Retention settings in, Administration > Database Settings, to ensure Insight is storing the correct values for you report range.
------------------------------
If my post was useful, please Accept Solution and Give Kudos.
------------------------------
Zak Chalupka
Principal Engineer - HPE Aruba
ACDX | ACMP | ACSP | ACCP
wifizak@hpe.com
------------------------------
Ideas expressed here are solely my own and not necessarily that of HPE Aruba.
Original Message:
Sent: Mar 06, 2024 01:25 PM
From: AZ245
Subject: Insight Reports to get all endpoint information exported in csv
Hello,
We only have 2 services, EAP TLS and MAC Auth in CPPM. We are trying to create a "near-time" report from clearpass insight module to export all host information that clearpass policy manager has (IP address, Device Family, Device OS, MAC address).
Ideally, most of the information available in "Clearpass Policy Manager > Configuration > Identity > Endpoints", would be nice if that could be reported via insight, however when I see same information in insight, most of the information is missing (e.g Device OS family: Endpoints area show "Dell" or "Microsoft" but same thing to export in Insight we get "unknown").
Is it possible to leverage CPPM or Insight to obtain endpoint reports that has (MAC Addr, Device family, Custom roles (that we assigned), IP address) etc.? I could get "custom roles exported in "Endpoint authentication overview report" but its missing "Device category, family etc" which is populated in "CPPM>config > identity > endpoints".
if i export that "identity>endpoint" list directly from clearpass, I get an xml file and got to use 'xml to csv' converter to get close to what I want but its not "near-time" (for example, show me all devices / endpoint info that connected in last 24 hours".
Thanks