Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

CPPM Endpoint Static IP value

This thread has been viewed 0 times

  • 1.  CPPM Endpoint Static IP value

    Posted Sep 05, 2014 03:00 PM

    We are running CPPM / Guest 6.2.6.  All of our endpoints have the "Static IP" value = TRUE.  This isn't the case because all of our clients are actually DHCP.  How does this value get set?

    From what I understand, having this value set to TRUE may be preventing the endpoints from being cleaned up.  In CPPM 6.3 & 6.4 is there any improvement to the Endpoint cleanup / management?



    Thanks,
    Bryan



  • 2.  RE: CPPM Endpoint Static IP value

    EMPLOYEE
    Posted Sep 05, 2014 03:31 PM

    Do you have a DHCP relay pointed to your ClearPass servers on your user subnets?



  • 3.  RE: CPPM Endpoint Static IP value

    EMPLOYEE
    Posted Sep 05, 2014 03:42 PM
    - Head to Administration > Server Manager > Server Config > Cluster-Wide Parameters.  There is a tab for Cleanup Intervals.
     
    - Known endpoints cleanup interval:   A value (in days) that ClearPass uses to determine when to start deleting known or disabled entries from the Endpoint repository. Known entries are deleted based on their last "Updated At" value for each Endpoint. For example, if this value is 7, then known Endpoints that do not have an "Updated At" value within the last 7 days will be deleted.
     
    - Unknown endpoints cleanup interval:  A value (in days) that ClearPass uses to determine when to start deleting unknown entries from the Endpoint repository. Unknown entries are deleted based on their last "Updated At" value for each Endpoint. For example, if this value is 7, then unknown Endpoints that do not have an "Updated At" value within the last 7 days (perhaps stale endpoints) will be deleted.
     
    - Screenshot attached.PastedGraphic-3.tiff


  • 4.  RE: CPPM Endpoint Static IP value

    Posted Sep 09, 2014 11:16 AM

    No, we only have ip helpers pointing to our DHCP servers.  Does CPPM need to hear requests for DHCP for some reason?

     

     



  • 5.  RE: CPPM Endpoint Static IP value

    EMPLOYEE
    Posted Sep 09, 2014 11:21 AM
    Yes, this is the main method that ClearPass uses to profile.