Security

Hello!

 

I have some end users computers (Windows 8 and 10) that uses static IPs, so they never get profiled by DHCP messages. As this devices doesn't support SNMP, what is the best way to profile these devices?

 

Is ARP profiling from L3 device enough to identify these computers?

You could configure NMAP or WMI scanning in CPPM. NMAP is pretty straight forward, but WMI will require windows admin credentials.

 

If these devices are wireless, you could also configure CPPM IF-MAP on the Aruba controller. 

Hello, do you have a documentation about WMI? I would like to know how it works before try it.

 

It's wired clients. Cisco Switchs

 

For ARP, can I get the informations about SO and device category?

Yes , if you enable to collect the ARP via SNMP , you will be able to get all the profiling information (Category / OS / Device Name)



Thank you

Victor Fabian

Pardon typos sent from Mobile

Nice to hear(read) it about ARP. I will try to get ARP from the L3 switchs.

 

Do you know if it will use a lot of memory/cpu in Clearpass to process it? (I guess the arp table will have around 15 thousands address)

A few of my large customers have it enabled with no issues, if you are running 6.8.1 and onwards ClearPass automatically load balance the SNMP reads across all your nodes

Sent from Mail for Windows 10

The attached "draft" and totally unoffical document might be of use as it attempts to explain how you can configure ClearPass to initiate a proactive WMI scan when the device connects.

All feedback much appreciated.

You can add your switch in ClearPass and define the snmp read string to obtain the arp table under Configuration > Network > Devices> SNMP Read Settings

That will allow you to profile devices with a static IP address

Is this for wired, what switches are you using?