Security

Reply
Occasional Contributor II

Endpoint Profiler DHCP don't work

Dear

I have a network that I have configured an ArubaOS8.3 controller, clearpass 6.7 with policies to ensure that only mobile devices connect to the 802.1x network, but even configured relay on the Core switch on the lan specifies pointing to the Clearpass, does not receive the IP of dhcp, however device classification works through the DHCP fingerprint.
Now it usually authenticates in clearpass but does not receive IP.
In the controller the IP receives the IP correctly, but this same IP is not received in the user who authenticates in the clearpass. DHCP is running normally on the client.

Re: Endpoint Profiler DHCP don't work

Have you enabled "Profile Endpoints" in your ClearPass service? And In the profile tab, select any category/any OS

JayBee
ACDX | ACCX| CCIE (RnS/SP,DC) | ACCP | ACMP | ACSA | ACMA | CWNA | JNCIS | JNCIA
If the provided solution resolves your issue, please mark it as accepted solution to help others.
Occasional Contributor II

Re: Endpoint Profiler DHCP don't work

Yes I have.

 

Sevices 1.PNGservices 2.PNGservices 3.PNGAccess Tracker.PNGaccess tracker endpoint.PNG

MVP Guru

Re: Endpoint Profiler DHCP don't work

Don’t quite understand your issue , are you able to see that ClearPass was able to profiled and categorized the device (s) under the endpoint db ?

Or you are concern that the ip address reflected under the endpoint db doesn’t match the assigned IP on the device itself?

Sent from Mail for Windows 10
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II

Re: Endpoint Profiler DHCP don't work

As for the Endpoint, I believe that it is categorizing correctly according to the images below, but it is not able to assign IP of this VLAN, not even in the controller can get the IP.endpoint1.PNGendpoint2.PNGendpoint3.PNGendpoint4.PNGendpoint 5.PNG

MVP Guru

Re: Endpoint Profiler DHCP don't work

Look in access tracker and make sure you are returning the correct user-role from ClearPass and if the correct user-role is being sent then verify that are using the necessary ACLs under the user-role

You can run the show user-role | include to validate what role the device is getting

Then run the show rights to see the level of access under the device role


Thank you

Victor Fabian

Pardon typos sent from Mobile
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II

Re: Endpoint Profiler DHCP don't work

See the commands on the controller

Highlighted
Occasional Contributor II

Re: Endpoint Profiler DHCP don't work

any idea how to solve it?

MVP Guru

Re: Endpoint Profiler DHCP don't work

As victor suggested have you checked the profile CPPM is sending to Controller and role client is receving in access tracker? If this detials are correct then I would recommand to file AOS tac ticket.

 

Regards,
Pavan
If my post address your queries, give kudos and accept as solution!
NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: Endpoint Profiler DHCP don't work

No Yet . I opened a TAC but it still has not been resolved.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: