  • 1.  Profiling without DHCP to prevent MAC spoofing

    Posted 13 days ago

    Hello,

    Our client does not use DHCP; it uses static IPs for all machines, printers and IP phones, and I am aware that there are other methods to profile an endpoint,

    but my goal here is to prevent MAC spoofing, and for me I think the only way is DHCP. Am I correct? Because let's say, for example, a Windows/Linux machine of an attacker spoofed the MAC of a printer or IP phone: I don't think ClearPass is able to profile the attacker machine using SNMP, so it won't be detected as a Conflict and ClearPass will allow the connection.

    Kindly correct me if I am wrong.

    Is there any other way to fix this issue, or is DHCP the only answer here?



  • 2.  RE: Profiling without DHCP to prevent MAC spoofing

    Posted 10 days ago

    Depends on the switch. ArubaOS-S and CX do have inbuilt profiling of connected devices. Also, you can use active profiling from ClearPass. None of these methods are as fast as DHCP.

    Best, Gorazd



    ------------------------------
    Gorazd Kikelj
    MVP Guru 2025
    ------------------------------



  • 3.  RE: Profiling without DHCP to prevent MAC spoofing

    Posted 9 days ago

    Here is a guide for device fingerprinting for AOS-S switches and ClearPass:

    https://higherlogicdownload.s3.amazonaws.com/HPE/MigratedAssets/ArubaOS-Switch_16-06_Device-Fingerprinting_v2018-01.pdf



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 4.  RE: Profiling without DHCP to prevent MAC spoofing

    Posted 7 days ago
    Edited by nw16 7 days ago

    Since all endpoints are statically addressed and the objective is to prevent MAC spoofing, you can consider running an NMAP scan post-authentication for device profiling.

    To ensure the scan is effective, relevant ports must be allowed through the firewall. Additionally, if SNMP is enabled on printers, NMAP can leverage SNMP queries to retrieve detailed device information.

    However, if the number of devices in your environment is significantly high, it's recommended to first test this approach on a small group of endpoints to assess potential performance impact before scaling it organization-wide.

    Please note that profiling will only be successful if ClearPass is able to gather sufficient data to classify the device. In cases where data is insufficient, ClearPass may neither assign a proper profile nor raise a profile conflict.
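
The last point in the reply above (insufficient scan data yields neither a profile nor a conflict) can be shown with a simplified conflict check. This is an added example, not part of the thread and not ClearPass's actual classification logic; the rule table, scoring threshold, MAC address and scan results are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed rules: category -> (typical open TCP ports, SNMP sysDescr keywords)
RULES = {
    "Printer": ({515, 631, 9100}, ("jetdirect", "printer", "laserjet")),
    "VoIP Phone": ({5060, 5061}, ("ip phone", "voip")),
    "Computer": ({22, 135, 139, 445, 3389}, ("windows", "linux")),
}
MIN_EVIDENCE = 2  # assumed threshold below which no classification is made

@dataclass
class ScanResult:
    mac: str
    open_ports: set = field(default_factory=set)
    snmp_sysdescr: str = ""  # empty when the endpoint did not answer SNMP

def classify(scan):
    """Return the best-matching category, or None when evidence is too thin."""
    descr = scan.snmp_sysdescr.lower()
    scores = {}
    for category, (ports, keywords) in RULES.items():
        # one point per matching port, two per matching SNMP keyword
        scores[category] = len(scan.open_ports & ports) + 2 * sum(k in descr for k in keywords)
    ranked = sorted(scores.items(), key=lambda kv: kv[1], reverse=True)
    (best, top), (_, runner_up) = ranked[0], ranked[1]
    if top < MIN_EVIDENCE or top == runner_up:
        return None
    return best

def evaluate(stored_category, scan):
    """Compare the stored profile with a fresh active scan of the same MAC."""
    observed = classify(scan)
    if observed is None:
        return "unknown"   # not enough data: no profile, and no conflict raised
    return "match" if observed == stored_category else "conflict"

# Constructed scans, all presenting the MAC of an endpoint stored as "Printer"
MAC = "00:00:5e:00:53:01"
GENUINE = ScanResult(MAC, {631, 9100}, "HP ETHERNET MULTI-ENVIRONMENT, JETDIRECT")
SPOOF_OPEN = ScanResult(MAC, {135, 445, 3389})   # workstation with ports exposed
SPOOF_SILENT = ScanResult(MAC, {22})             # host firewall hides almost all

if __name__ == "__main__":
    for name, scan in (("genuine", GENUINE), ("spoof_open", SPOOF_OPEN), ("spoof_silent", SPOOF_SILENT)):
        print(name, evaluate("Printer", scan))
```

The `SPOOF_SILENT` case is the gap described in the reply: a spoofing host that exposes almost nothing to the scan is left unclassified rather than flagged, so "unknown" results for a MAC with a stored profile are worth treating as their own policy condition.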