Security

Reply
mkk
Contributor II

Endpoint Profiler DCHP Fingerprint No Update at Re-Connect Wired MAC-auth

I focus a strange issue in Clearpass 6.7.3.

 

When a wired endpoint connect the first time, dhcp fingerprint works correctly, profiling profiled it as computer, do a correct COA session termination.

 

But when i remove the endpoint and reconnect the endpoint within 5 minutes DCHP Fingerprint is not received and profiling dont happens.

 

I stubble this issue for two weeks now. Google, aruba documentation and other topics here dont give me the answer.

 

I hope that some CP experts here can help me with solve this issue.

 

See attachment with screenshots and detailed information.

 

 

 

 

 

 

 

Guru Elite

Re: Endpoint Profiler DCHP Fingerprint No Update at Re-Connect Wired MAC-auth

Devices are not reprofiled within a 5 minute window.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
mkk
Contributor II

Re: Endpoint Profiler DCHP Fingerprint No Update at Re-Connect Wired MAC-auth

Hi Cappalli,

 

Thanks for the quick and clear answer, appreciate your involvement on airheads!

 

So... From a hackers mind, it knowns that printer are mostly not accept 802.1x. So i turn off and on a printer, its profiled again as printer (conflict will be true). I reconnect within 5min with my MAC spoofed notebook, and iam in your Printer vlan (without a conflict). Hopefully the printer vlan is protected by the firewall ;)

 

Is there some good reason why dhcp profiling only take place once again after 5 minutes. It maybe could a nice feature. I dont think it should take a lot more of resources of CP because it isnt a normal behavior of a normal client.

 

Thanks for help me out here!

 

 

 

mkk
Contributor II

Re: Endpoint Profiler DCHP Fingerprint No Update at Re-Connect Wired MAC-auth

Guru Elite

Re: Endpoint Profiler DCHP Fingerprint No Update at Re-Connect Wired MAC-auth

Why would a headless network be more privileged than an end user?

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: