Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

DHCP Relay for Clearpass profiling

This thread has been viewed 21 times

  • 1.  DHCP Relay for Clearpass profiling

    Posted Oct 30, 2017 09:21 AM

    I'm trying to get wired profiling set up between our clearpass server and wired clients. I already have profiling working for my wireless clients.

     

    I have two DHCP relays setup on a test VLAN, one for the DHCP server subnet, and one for the clearpass subnet. I'm receiving DHCP addresses, but not seeing these devices get profield by clearpass. 

     

     

    Does clearpass need the DHCP relay to point directly to clearpass, or can it point to the subnet it is in?



  • 2.  RE: DHCP Relay for Clearpass profiling
    Best Answer

    EMPLOYEE
    Posted Oct 30, 2017 09:39 AM

    The DHCP relay needs to forward client DHCP relay requests directly to the ip address of the ClearPass Box.



  • 3.  RE: DHCP Relay for Clearpass profiling

    Posted Oct 30, 2017 11:19 AM

    Thanks Joseph, that worked out.

     

    Why does the DHCP helper need to point at clearpass instead of the subnet, shouldn't clearpass see the DHCP broadcast when it's relayed to the subnet clearpass resides in?



  • 4.  RE: DHCP Relay for Clearpass profiling
    Best Answer

    Posted Oct 30, 2017 01:42 PM

    ClearPass needs to receive a unicast, not multi/broadcast packet for the fingerprinting process.