Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass profiling static ip

  • 1.  Clearpass profiling static ip

    Posted Apr 20, 2018 07:59 AM

    Hi!

    What is the easiest way to profile devices with static IPs?

    We're running profiling on Aruba switches 2920/5400; DHCP devices work fine. But I'm having trouble understanding the best way to profile devices with static IPs such as printers.

    I could run an audit as a part of my service, but ClearPass doesn't know what IP address the device has, and it must also be in the correct VLAN before the audit to be able to communicate. Could I check which static IP the device has and, based on that, return a temporary correct VLAN and audit it?

    Running a network scan I get a lot of fingerprints, which is good. But the subnet scan doesn't give me the MAC addresses, only IPs.

    Would running a scan based on seed devices solve this?

    The documentation on running 802.1X/MAC auth with profiling is very good if you run DHCP. But I'm having trouble finding any good resources for devices with static IPs. This must be quite common, yes? For printers and such...



  • 2.  RE: Clearpass profiling static ip

    Posted Apr 20, 2018 08:11 AM


  • 3.  RE: Clearpass profiling static ip

    Posted Apr 20, 2018 08:56 AM

    Hi!

    Read it, it's kinda outdated in some regards (options have moved and so on).

    Also not super clear on how to set it up. It states pretty much that only IP and fingerprint are found with a subnet scan. But how do I tie this information together with the MAC address, which is the information shown during authentication?

    I've configured ARP reading, but can I see those entries somewhere?

    Would be really nice to have a paper showing a sample config from start to finish. Something like the "ClearPass_Solution-Guide_Wired-Policy-Enforcement_v2018-01". Too bad that guide pretty much only covers DHCP.



  • 4.  RE: Clearpass profiling static ip

    Posted Apr 20, 2018 10:16 AM

    Hi

     

    Maybe HTTP and/or SNMP profiling could help

     

     



  • 5.  RE: Clearpass profiling static ip

    Posted Apr 23, 2018 01:53 AM
    Hi, about the question of how to see the static IP on ClearPass: you need to check the NAD configuration (Configuration > Network > Devices). In the NAD you can see SNMP; you need to enable the last check (force ARP). ClearPass needs the ARP table to know the static IP address. Regards


    #AirheadsMobile
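
The correlation discussed in this thread (a subnet scan yields IP and fingerprint, authentication presents a MAC, and the ARP table links the two), sketched as an added example that is not ClearPass code and not part of any post. The sample entries, fingerprint labels and function names are constructed; IPs seen with more than one MAC are held back rather than profiled.

```python
import re
from collections import defaultdict

# Constructed sample data: ARP entries as (ip, mac) in mixed vendor
# notations, and subnet-scan results keyed by IP only.
ARP_ENTRIES = [
    ("10.1.20.15", "0024a8-1f3c90"),
    ("10.1.20.16", "00:24:A8:1F:3C:91"),
    ("10.1.20.15", "00-24-a8-1f-3c-99"),  # same IP claimed by a second MAC
]
SCAN_RESULTS = {
    "10.1.20.15": "Printer",
    "10.1.20.16": "Printer",
    "10.1.20.30": "IP camera",  # scanned, but no ARP entry was read
}

def normalize_mac(raw):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    mac = re.sub(r"[:.\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", mac):
        raise ValueError(f"not a MAC address: {raw!r}")
    return mac

def correlate(arp_entries, scan_results):
    """Join scan fingerprints to MACs via ARP; return (by_mac, conflicts, unmatched)."""
    macs_by_ip = defaultdict(set)
    for ip, raw_mac in arp_entries:
        macs_by_ip[ip].add(normalize_mac(raw_mac))
    by_mac, conflicts, unmatched = {}, {}, []
    for ip, fingerprint in scan_results.items():
        macs = sorted(macs_by_ip.get(ip, ()))
        if not macs:
            unmatched.append(ip)      # fingerprint cannot be tied to a MAC
        elif len(macs) > 1:
            conflicts[ip] = macs      # ambiguous owner: review, do not profile
        else:
            by_mac[macs[0]] = {"ip": ip, "fingerprint": fingerprint}
    return by_mac, conflicts, unmatched

if __name__ == "__main__":
    by_mac, conflicts, unmatched = correlate(ARP_ENTRIES, SCAN_RESULTS)
    print("profiled by MAC:", by_mac)
    print("IP with multiple MACs:", conflicts)
    print("no ARP entry:", unmatched)
```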


  • 7.  RE: Clearpass profiling static ip

    Posted May 02, 2018 07:56 AM

    Hi!

    Well, now I've configured devices with ARP read forced, and I'm doing regular subnet scans and network discoveries based on seed devices. Also doing nmap audits on newly connected devices.

    Still not sure if I'm 100% on the setup; haven't gotten time to test much lately. Would be nice with a fully fledged guide for best practice in this area, as I said. Have any of you guys configured your environment for static IP devices successfully?



  • 8.  RE: Clearpass profiling static ip

    Posted May 03, 2018 02:29 PM
    Hey Gonz,
    if devices with static IPs are permanent and you're not adding devices regularly, you can use a static host list.

    I'm running into the same situation and still looking for another flexible way.


  • 9.  RE: Clearpass profiling static ip

    Posted May 15, 2018 07:21 AM

    Hi!

    Yeah, we ended up using a device list and enabled some users to register their devices.

    Still doing some audit and discovery though, but yeah, a more flexible solution would be nice. Maybe I'm missing something...



  • 10.  RE: Clearpass profiling static ip

    Posted May 15, 2018 07:28 AM
    Yeah man, per my research and consultancies, you're doing things correctly =)