Security

last person joined: 11 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

DHCP helper for CPPM fingeprinting

This thread has been viewed 2 times

  • 1.  DHCP helper for CPPM fingeprinting

    Posted Aug 29, 2019 10:49 AM
    I understand you need to add clearpass as an ip helper for fingerprinting. I have a sub/pub setup with a VIP. Can I just add the VIP as a helper? Or should I be adding the physical management IPs instead? Do I need to add all three? Thanks.


  • 2.  RE: DHCP helper for CPPM fingeprinting

    EMPLOYEE
    Posted Aug 29, 2019 11:52 AM

    Hello, 

     

    If all the nodes, in the cluster are local, meaning in the same data centre, you can just add the publisher physical IP as DHCP helper, and that should do it. 

     

    ---



  • 3.  RE: DHCP helper for CPPM fingeprinting

    Posted Aug 29, 2019 11:55 AM
    They are in two separate DCs, but connected L2.


  • 4.  RE: DHCP helper for CPPM fingeprinting

    Posted Aug 29, 2019 12:13 PM

    Assuming that one of the boxes is the profiler, you can add both IPs as dhcp relay. Based on the Profiling TechNote  the second CPPM node can perform profiling and send it to the active profiler.



  • 5.  RE: DHCP helper for CPPM fingeprinting

    EMPLOYEE
    Posted Aug 29, 2019 01:35 PM

    Yes, As dmendez mentioned, you could add either 2 or 1, at the end profiler, will be forwarding the info to Pub to write to db anyway, as the subscriber cannot write it to the DB.  

     

    If the sub is performing auths and is busy, pub is just sitting, you can send the profiling info to pub, it will do profiling and will replicate the data to sub anyway.  Basically you can send it to both, but you dont need do. 

     

    hope this helps..