Contributor II

Building Management Systems



In a break from AV update issues, I would like to ask a question about building management network devices.


I have an issue in that most of our plumbing/electrical equipment does not get detected by ClearPass.


The reason seems to be that they don't have a presented MAC address on the switch. They just sit on the network. (Priva devices mainly)

I expect they would only send out network traffic when they are restarted.


Anyone seen this behaviour? Found a solution?


The obvious (insecure) method would be to remove them from ClearPass monitoring, but we are resistant to that.


Thanks for any help


Re: Building Management Systems

Our systems do the same thing (MAC address table wise) and we generally have good luck using nmap to locate them manually.

Have you tried the Discovery options in ClearPass, letting it scan the IP space to see what it can find?


if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
Contributor II

Re: Building Management Systems



No, we didn't try that, thanks for the ideas.


But we decided that to make it reliable, as we are under pressure to monitor the infrastructure equipment (health and safety), we had to remove the ports from ClearPass.


Assigned a separate VLAN and used more traditional port security to prevent other devices connecting if someone messes with the wiring.


These devices only seem to show their MAC when something attempts to connect to them, which isn't good for MAC auth.


thank you!



Contributor II

Re: Building Management Systems

In the end, the building management systems had to be separated from ClearPass and onto a dedicated section of the switch; didn't see another solution.

Contributor II

Re: Building Management Systems

The best solution, if you have the right switches - see attached.
