Security

 View Only
  • 1.  Profiler conflict between. mac oui and fingerprint

    Posted Jun 07, 2024 06:01 AM

    cppm 6.11.7

    Arubaos-s WC.16.11.13

    Have noticed a number of client machiens are being flagged in ednpoints as have a profiler conflict.  Irrespective of whether  its a standard fingerprint  or a custom one i have created for client windows machines, cpp. seems to flag a profiler conflict between a Generic/<MAC OUI Prefix supplier/Unclassified device> and a "proper"  fingerprinted device.   Short of manually going through the endpoints profiler clash list and changng an entry,  surely if you have defined a custom fingerprint in coom, it should take prescedence  over anything else .. shouldnt it?

    A



  • 2.  RE: Profiler conflict between. mac oui and fingerprint

    Posted Jun 10, 2024 05:33 AM

    I would not expect a conflict if a device moves from Generic to something more specific; have not seen this before either.

    Have you checked with support already?



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Profiler conflict between. mac oui and fingerprint

    Posted Jun 10, 2024 06:45 AM
    Not yet

    Just to get a bit sidetracked, how do you debug. Sending device fingerprint stuff via radius accounting interim packets ? Have configured this on 10.13.1010 and cant see any fingerprint data appearing on ClearPass.

    Also, in terms of identifying new devices , aren’t interim accounting packets a bit on the slow side if you are trying to identify a brand new device ?

    e..g
    Auth ->
    <-Accept
    <wait a="" bit="">
    Acct start ->
    <wait a="" bit="">
    Acct interim>

    Given you might set an acct interim to be 700 secs for example, doesn’t really provide a fast id of a new device ?

    A




  • 4.  RE: Profiler conflict between. mac oui and fingerprint

    Posted Jun 10, 2024 07:46 AM

    While not having checked this with profiling data, the accounting update for when a switch learns the client IP does not seem to wait for the interim interval. I see the IP address shared within seconds in general. Because as part of getting the IP address DHCP is part of that (when DHCP is used), so would expect that profiling info to be sent with it. It may even be that new profiling date triggers an accounting packet, but if it doesn't it would be a great feature request.

    From you question, doesn't this match what you see?



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------