ClearPass Profiling Options for Discovering Type/Category


    Posted Aug 02, 2019 05:55 PM

    I was wondering if anyone would be able to help clarify which profiling methods would be able to tell me the device type/category (VoIP/IoT/smartdevice/etc.) if DHCP and HTTP profiling options are not available. We have a deployment where a handful of VLANs are isolated and cannot do DHCP relay to our ClearPass servers, and we need to discover what types of devices are present on those VLANs so that we can properly process wired authentications on those switch ports.

     

    Many of the devices are headless (IoT, VoIP, etc.) and therefore a captive portal wouldn't really help either. Setting up a SPAN port is likely not an option either due to the network architecture and our ClearPass servers being VMs. We have set up a subnet scan but it's only discovering basic endpoint attributes like MAC address and MAC Vendor.

     

    I have read through the profiling technotes and user guides but can't quite tell which type of profiling would be able to provide the type/category of the device outside of DHCP/HTTP profiling. Is this possible with other profiling methods, or would it require an endpoint context server (like a Palo Alto firewall) that can fingerprint endpoints and provide the type/category for devices in the isolated VLANs?