Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass Discovered Devices Question/Problem

  • 1.  Clearpass Discovered Devices Question/Problem

    Posted Aug 17, 2018 10:56 AM

    I'm having a weird issue and maybe it's because I don't understand how the discovered devices in Clearpass works, or because it isn't working properly.


    Anyhow - a network scan picked up many of my Cisco switches. It doesn't seem that I can do anything with any of these discovered switches. I tried to import, but that doesn't seem to do anything at all. I can't change any information, or even delete them from the list.


    I'm also having an issue with SNMP authentication failures. My Clearpass is trying to contact these discovered devices using "public" as the community string, even though I have set the proper community string in the Clearpass server configuration network services. This causes many SNMP traps to be sent from my switches to my syslog server.


    So, what I'd like to do is either remove all my switches from discovered devices, or have Clearpass use the proper SNMP string while contacting them.


    Also, I'd like to know what the point of discovered devices is.


    Thanks for any help.



  • 2.  RE: Clearpass Discovered Devices Question/Problem

    MVP
    Posted Aug 21, 2018 12:52 PM

    Did you configure SNMP Scans under Configuration -> Profile and Network Scan -> Profile Settings? 



  • 3.  RE: Clearpass Discovered Devices Question/Problem

    Posted Aug 21, 2018 04:07 PM

    Hi Michael,


    Thanks for your reply. We do have SNMP scans set up with the correct community string. We only have the subnet set for a small section of our network (a /24 out of a /16). But even some devices that fall within the subnet of our SNMP scan are receiving a community string of "public" for requests. I've been going through and manually adding all of our switches to the XML document when you export it from Configuration > Network > Devices, and this appears to be stopping SNMP auth traps being sent to our syslog server, but we're still receiving SNMP auth traps from 1 device that is added to the Network > Devices section.


    We're trying to figure out what Discovered Devices is used for. We have created a network scan using our core switch as our seed device. This device's IP address falls within the /24 subnet we have configured for the SNMP scan profile under Configuration > Profile and Network Scan > Profile Settings. We set the scan depth to 3 with ARP probing and it discovered roughly half of our Cisco switches, it seems. Under Discovered Devices we can see our seed device as well, and there's a long list of IP addresses tied to it, which are all the VLAN interfaces on the switch. When we try to import a switch it asks for either a RADIUS or TACACS+ shared secret. We don't have a TACACS+ server in place and we aren't sure where the RADIUS secret was set. In the exported XML I can see some devices (non-Cisco devices) have a RADIUS shared secret configured on them, so I tried that with some of our Cisco switches, but it fails. The status of the devices changes from New to Imported but the devices never show under Configuration > Network > Devices unless I manually add them.


    Thanks!



  • 4.  RE: Clearpass Discovered Devices Question/Problem

    EMPLOYEE
    Posted Aug 22, 2018 01:17 PM

    Please open a TAC case to continue further.


    The imported devices should be available under Configuration >> Network >> Devices. TAC can assist you to debug further.


    Note: The ClearPass server uses "public" as the community string if no configuration exists under Configuration >> Profile and Network Scan >> Profile Settings >> SNMP Configuration.
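An added example, not part of this thread, for triaging the SNMP authentication-failure traps the original poster sees on the syslog server: it groups Cisco IOS %SNMP-3-AUTHFAIL messages by the host that sent the rejected request, so a scanner still polling with "public" (such as a ClearPass server with no SNMP Configuration under Profile Settings) stands out and the list of switches it touched is available for a TAC case. The syslog lines, switch names and addresses are constructed; only the %SNMP-3-AUTHFAIL message format is Cisco's.

```python
import re
from collections import Counter, defaultdict

# Constructed sample syslog lines (not from the thread). Switch names and
# IP addresses are made up; the %SNMP-3-AUTHFAIL text follows the Cisco IOS
# message format the poster's switches would log on a bad community string.
SAMPLE_SYSLOG = """\
Aug 21 10:01:02 sw-core-01 1234: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 10.20.30.5
Aug 21 10:01:07 sw-access-12 5678: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 10.20.30.5
Aug 21 10:01:09 sw-access-12 5679: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/7, changed state to up
Aug 21 10:02:15 sw-access-13 9100: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 192.0.2.77
Aug 21 10:02:40 sw-core-01 1240: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 10.20.30.5
"""

# Month, day, time, then the logging switch's hostname, then the message.
AUTHFAIL_RE = re.compile(
    r"^\S+ +\d+ +\S+ +(?P<switch>\S+) .*?%SNMP-3-AUTHFAIL: "
    r"Authentication failure for SNMP req from host (?P<poller>\S+)"
)


def summarize_snmp_authfail(syslog_text, known_pollers):
    """Group SNMP auth-failure traps by the host that sent the bad request.

    known_pollers maps poller IP -> friendly name (e.g. the ClearPass server),
    so a known scanner with a wrong community string is distinguished from an
    unknown host probing the switches.
    Returns {poller_ip: {"count": n, "switches": [...], "known": bool}}.
    """
    counts = Counter()
    switches = defaultdict(set)
    for line in syslog_text.splitlines():
        m = AUTHFAIL_RE.search(line)
        if not m:
            continue  # not an SNMP auth failure; ignore other message types
        counts[m["poller"]] += 1
        switches[m["poller"]].add(m["switch"])
    return {
        ip: {"count": n, "switches": sorted(switches[ip]), "known": ip in known_pollers}
        for ip, n in counts.items()
    }


if __name__ == "__main__":
    # Hypothetical mapping of the ClearPass server's address (constructed).
    report = summarize_snmp_authfail(SAMPLE_SYSLOG, {"10.20.30.5": "clearpass-01"})
    for ip, info in sorted(report.items(), key=lambda kv: -kv[1]["count"]):
        tag = "known poller" if info["known"] else "UNKNOWN host"
        print(f"{ip:15} {tag:13} {info['count']} failures on {', '.join(info['switches'])}")
```

A known poller with many failures across several switches points at a scanner configuration problem; an unknown poller is worth investigating as a possible unauthorized SNMP probe.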