Security

Hi

In a break from AV update issues, I would like to ask a question about building management network devices.

I have an issue in that most of our plumping/electrical equipment does not get detected by clearpass.

The reason seems to be that they don't have a presented mac address on the switch.  They just sit on the network. (Priva devices mainly)

I expect they would only send out network traffic when they are restarted.

Anyone seem this behaviour? Found a solution?

The obvious (insecure) method would be to remove them from clearpass monitoring but we are resistant to that

Thanks for any help

Our systems do the same thing (MAC address table wise) and we generally have good luck using nmap to locate them manually.

Have you tried the Discovery options in ClearPass to see if letting it scan the IP space to see what it can find?

Hello

No we didn't try that, thanks for the ideas.  

But we decided that to make it reliable - as we are under pressure to monitor the infrastructure equipment (health and safety) that we had to remove the ports from clearpass.

Assign a separate vlan and used more traditional port security to prevent other devices connecting if someone messes with the wiring.

These devices only seem to show their mac when something attempts to connect to them, which isn't good for mac auth.

thank you!

in the end, the building management systems had to be separated from clearpass and onto a dedicated section of the switch, didn't see another solution

the  best solution, if you have the right switches - see attached..

Attachment(s)

MAC_Pinning.docx   454 KB 1 version