Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Cisco Device Sensor - Accounting Data

  • 1.  Cisco Device Sensor - Accounting Data

    Posted Sep 26, 2019 08:28 PM

    I have configured the Cisco Device Sensor on a Cisco switch to send DHCP via accounting to Clearpass.

     

    I see accounting packets logged in Clearpass for the client devices that perform DHCP via the Cisco switch. So I suspect it is working. 

     

    How do I pull the device information from the accounting packets so I can use it in Role Mapping/Policy/Enforcement?

     

    Thanks a bunch! 



  • 2.  RE: Cisco Device Sensor - Accounting Data

    EMPLOYEE
    Posted Sep 26, 2019 09:09 PM

    The information sent is used by ClearPass profiler to profile the device. Check the Endpoint repository. Do you see the device category, OS family populated? 

     

    If yes, you need to use those attributes in your policy.

     

     



  • 3.  RE: Cisco Device Sensor - Accounting Data

    Posted Sep 26, 2019 10:29 PM

    No. That of course is the first place I looked expecting it to be there.  

     

     

     



  • 4.  RE: Cisco Device Sensor - Accounting Data

    EMPLOYEE
    Posted Sep 26, 2019 10:40 PM

    You cannot pull device information from RADIUS Accounting into a policy. The only place from where you can pull/use device attributes is the Endpoint Repository.

     

    Is your interim accounting enabled on the NAD? 

     

    If yes, have you enabled Log Accounting Interim-Update Packets in ClearPass? This is under Administration > Server Configuration > Click on server > Service Parameter > Radius Service > Accounting. This is disabled by default. 



  • 5.  RE: Cisco Device Sensor - Accounting Data

    Posted Sep 26, 2019 11:01 PM
    Yes, interim accounting is enabled and yes, it is enabled on the NAD. Accounting packets show traffic updates.

    I didn't think you could ingest directly from accounting either.

    All the basics are good. I ingest attributes from other external sources without issue.

    I personally have not heard of anyone utilizing this feature. I am vetting in the lab for a new customer.




  • 6.  RE: Cisco Device Sensor - Accounting Data

    EMPLOYEE
    Posted Sep 26, 2019 11:08 PM

    It's been a while since I used it. Did you verify your settings like on page 25?

     

    https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=33256

     

     



  • 7.  RE: Cisco Device Sensor - Accounting Data

    Posted Sep 26, 2019 11:59 PM
    Yes, that's the guide I went from. I dug up some other Cisco docs for debugging and such. Appears it's working getting Accounting to Clearpass.

    I will keep messing with it and post back if I figure out what I am missing. It's at least good to know it should show in the endpoint repository.



  • 8.  RE: Cisco Device Sensor - Accounting Data

    Posted Nov 20, 2019 09:43 AM

    Follow-up to my t-shoot. 

     

    DHCP Snooping is required, which I had enabled, but I missed the VLAN that the test client was receiving IP. Once I added that, device sensor saw it and sent accounting information containing all necessary DHCP options as specified in the filter. The Endpoints repository then updated with the proper Fingerprint. Good to go! 

     

    Moral of the story.... don't forget ALL of the DHCP Snooping configs! 
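
Added example, not part of the thread and not Cisco or Aruba tooling: a small audit of a switch running-config for the gap described in post 8, an access VLAN missing from the DHCP snooping VLAN list. The sample config is constructed, the script assumes standard IOS syntax for `ip dhcp snooping vlan`, `switchport access vlan` and `device-sensor accounting`, and it only considers ports with an explicit access VLAN.

```python
import re

# Constructed sample running-config (not from the thread): VLAN 30 is an
# access VLAN but is missing from the DHCP snooping VLAN list.
SAMPLE_CONFIG = """\
ip dhcp snooping vlan 10,20-22
ip dhcp snooping
device-sensor accounting
!
interface GigabitEthernet1/0/1
 switchport access vlan 21
 switchport mode access
!
interface GigabitEthernet1/0/2
 switchport access vlan 30
 switchport mode access
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '10,20-22' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config):
    """Return global findings plus access ports whose VLAN is not snooped."""
    lines = [l.rstrip() for l in config.splitlines()]
    snooped, ports, iface = set(), {}, None
    for line in lines:
        m = re.match(r"ip dhcp snooping vlan (\S+)$", line)
        if m:
            snooped |= expand_vlans(m.group(1))
        elif line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif iface and (m := re.match(r"\s+switchport access vlan (\d+)$", line)):
            ports[iface] = int(m.group(1))
    return {
        "snooping_enabled": "ip dhcp snooping" in lines,
        "sensor_accounting": "device-sensor accounting" in lines,
        "unsnooped_ports": {p: v for p, v in ports.items() if v not in snooped},
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Clients on any port listed under `unsnooped_ports` will not produce DHCP data in the accounting packets, so their endpoints stay unprofiled in ClearPass.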



  • 9.  RE: Cisco Device Sensor - Accounting Data

    Posted Dec 05, 2019 04:51 AM

    @airhead1234 wrote:

    Follow-up to my t-shoot. 

     

    DHCP Snooping is required, which I had enabled, but I missed the VLAN that the test client was receiving IP. Once I added that, device sensor saw it and sent accounting information containing all necessary DHCP options as specified in the filter. The Endpoints repository then updated with the proper Fingerprint. Good to go! 

     

    Moral of the story.... don't forget ALL of the DHCP Snooping configs! 


     I dug up some other Cisco docs for debugging and such. Appears it's working getting Accounting to Clearpass.

    I will keep messing with it and post back if I figure out what I am missing. It's at least good to know it should show in the endpoint repository.



  • 10.  RE: Cisco Device Sensor - Accounting Data

    EMPLOYEE
    Posted Apr 14, 2020 09:41 AM

    Hi!

     

    As you mentioned earlier,

    Did you try using the updated endpoint attributes as a condition to authenticate a new device?