Security

Reply
Highlighted
Super Contributor I

ClearPass Policy Manager Profiling

Hello. I have my controller arubaOS 6.1 and ClearPass Policy Manager 6.2 with Profiling. When user login in the ssid with 802.1x. ClearPass Profiling not device categorized. I have available dhcp fingerprinter in the controller?

 

The controller device categorized ipad. Attachment imagen.

 

Thanks


Accepted Solutions
Highlighted
Moderator

Re: ClearPass Policy Manager Profiling

You need to do it on the router interface (SVI / RVI) for the user subnet.

 

In most deployments this is on an upstream device. 

 

    interface vlan 100

        ip helper-address <clearpass server>

 

 



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post


All Replies
Highlighted
Guru Elite

Re: ClearPass Policy Manager Profiling

Are you forwarding DHCP traffic of your clients to the ClearPass Policy Manager using a helper address?

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Super Contributor I

Re: ClearPass Policy Manager Profiling

Not, as acive?

Highlighted
Super Contributor I

Re: ClearPass Policy Manager Profiling

Not, as active?

Highlighted
Moderator

Re: ClearPass Policy Manager Profiling

You should add a helper address pointing to the ClearPass server(s) to each
subnet where you would like profiling to occur.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Super Contributor I

Re: ClearPass Policy Manager Profiling

where this option is available?

Highlighted
Moderator

Re: ClearPass Policy Manager Profiling

You need to do it on the router interface (SVI / RVI) for the user subnet.

 

In most deployments this is on an upstream device. 

 

    interface vlan 100

        ip helper-address <clearpass server>

 

 



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post

Highlighted
Super Contributor I

Re: ClearPass Policy Manager Profiling

Excellent. The option is correct.

 

Highlighted
Super Contributor I

Re: ClearPass Policy Manager Profiling

the ip helper-address what protocol our port use?.

 

Highlighted
Moderator

Re: ClearPass Policy Manager Profiling

ClearPass reads the DHCP discover packet.

 

[CLIENT]  UDP 0.0.0.0:68 -> 255.255.255.255:67 --> [ROUTER] UNICAST RELAY



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: