Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Devices automatically revert back to Unknown in the ClearPass endpoint database

This thread has been viewed 3 times

  • 1.  Devices automatically revert back to Unknown in the ClearPass endpoint database

    Posted Mar 19, 2015 11:24 AM

    Hello,

     

    One of my customers is experiencing an odd issue whereby some Known clients are changed back to Unknown within seconds in the Endpoint Database.

    This is not directly related to a client's access request and will happen at any time, alhought it does not affect all clients.

    An Aruba Support case has been created for this, but I thought about asking here in cae anybody else has seen this before.

     

    Regards,

     

    Giuseppe Damiano/



  • 2.  RE: Devices automatically revert back to Unknown in the ClearPass endpoint database

    EMPLOYEE
    Posted Mar 19, 2015 11:26 AM

    Giuseppe Damiano,

     

    That should not happen so quickly, unless you have a rule that changes the known/unknown status of those devices.  The value should stay put, at least for 24 hours with no issue....

     



  • 3.  RE: Devices automatically revert back to Unknown in the ClearPass endpoint database

    MVP
    Posted Mar 25, 2015 05:34 AM

    "The value should stay put, at least for 24 hours with no issue...."..

    euhm.. I'll put this to weird phrasing but.. the only reason why an endpoint would change known to unknown is if the endpoint was removed (cleanup) and rediscovered or changed by an enforcement policy right?



  • 4.  RE: Devices automatically revert back to Unknown in the ClearPass endpoint database

    Posted Mar 25, 2015 05:40 AM

    Annoyingly enough, the issue has now stopped manifesting itself (right after I had escalated the case to Aruba TAC).

     

    In terms of enforcement, the policy used was the Sample Allow All, but what's more important is that the reverting back to unknown did not jut happen upon connection to a wireless network. It happen as soon as the endpoint was manually marked a known by the administrator.

     

    One clue that is missing from the description is that ClearPass was synchronising with Airwatch to import known endpoints. However, when the issue begun, we deleted Airwatch altogether from the list of Context servers and the issue carried on happening even when manually deleting, recreating the endpoint.

     

    All the Database cleanup times were and still are set to default.

     

    I've sent the logs to support in the hope the captured some relevant information, but I am now waiting for the issue to appear again.

     

    Cheers,

     

    Giuseppe/



  • 5.  RE: Devices automatically revert back to Unknown in the ClearPass endpoint database

    Posted Aug 29, 2017 10:33 AM

    Giuseppe Damiano,

     

    i know it has been a while since you came accross this issue. Do you remeber the outcome?

    A customer reported a similar issue today where status of macbooks changes from known to unknown within 10 sec.

     

    best regards

    Kevin