Security

Reply
Occasional Contributor II

Clearpass endpoint profile conflicts

I'm working on correcting and improving our 802.1x/MAB system and encountered a curious issue. In looking at the endpoint database and checking for conflicts I found a fair number of devices showing as having reported profile conflicts (about 7%)! Digging into them, it seems that at some point a number of devices were profiled with Device Category: SmartDevice, Device OS Family: Apple, Device Name: Apple iPhone. This either shows as their first profiling (and the correct profile information being the conflict), or some point later (with the Apple data showing as the conflict).

 

The only thing that I can think of as being related is that it looks like many of these have connected to our guest network at some point, using Clearpass Guest for the captive portal and Mobility Access Controllers for the wifi. The DHCP, Mobility Controller, and Clearpass are the same as for the corporate access, and I'm not seeing any obvious red-flags at the moment. On a related note, is there a particular log that shows when a new conflict arrises? It would make it easier to try to track down specifically what's happening to cause a conflict.

Highlighted
Aruba

Re: Clearpass endpoint profile conflicts

What version of ClearPass are you running?    If you are on 6.8.1; I suggest you install the 6.8.1 patch which includes fixes relating to profiling conflicts.

------------------------------------------------
Systems Engineer, Northeast USA
AMFX | ACCX | ACDX | ACMX

Occasional Contributor II

Re: Clearpass endpoint profile conflicts

It is indeed 6.8.1. I'll pull the update and schedule a time to push it to the cluster. I'll let you know if that resolves it, thank you!

Aruba

Re: Clearpass endpoint profile conflicts

FWIW; This will not revert those conflicts; only fix an issue that may have caused them in the first place.    

------------------------------------------------
Systems Engineer, Northeast USA
AMFX | ACCX | ACDX | ACMX

Occasional Contributor II

Re: Clearpass endpoint profile conflicts

Appreciated. Fortunately, we're not in a full enforcement state yet, and I've been working on using profiling for initial inventory before we move to enforcement, so I should be able to just delete most of the conflicted devices and have the re-inventory. Thank you for that!

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: