Security

Reply
Frequent Contributor I

DHCP helper for CPPM fingeprinting

I understand you need to add clearpass as an ip helper for fingerprinting. I have a sub/pub setup with a VIP. Can I just add the VIP as a helper? Or should I be adding the physical management IPs instead? Do I need to add all three? Thanks.
Frequent Contributor II

Re: DHCP helper for CPPM fingeprinting

Hello, 

 

If all the nodes, in the cluster are local, meaning in the same data centre, you can just add the publisher physical IP as DHCP helper, and that should do it. 

 

---

-If you got what you need with my answer please give kudos and mark it as solution.
Frequent Contributor I

Re: DHCP helper for CPPM fingeprinting

They are in two separate DCs, but connected L2.
Frequent Contributor II

Re: DHCP helper for CPPM fingeprinting

Assuming that one of the boxes is the profiler, you can add both IPs as dhcp relay. Based on the Profiling TechNote  the second CPPM node can perform profiling and send it to the active profiler.


Daniel Méndez Vargas
ACMP, ACCP
Highlighted
Frequent Contributor II

Re: DHCP helper for CPPM fingeprinting

Yes, As dmendez mentioned, you could add either 2 or 1, at the end profiler, will be forwarding the info to Pub to write to db anyway, as the subscriber cannot write it to the DB.  

 

If the sub is performing auths and is busy, pub is just sitting, you can send the profiling info to pub, it will do profiling and will replicate the data to sub anyway.  Basically you can send it to both, but you dont need do. 

 

hope this helps..

 

 

-If you got what you need with my answer please give kudos and mark it as solution.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: