Security

Dear

I have a network that I have configured an ArubaOS8.3 controller, clearpass 6.7 with policies to ensure that only mobile devices connect to the 802.1x network, but even configured relay on the Core switch on the lan specifies pointing to the Clearpass, does not receive the IP of dhcp, however device classification works through the DHCP fingerprint.
Now it usually authenticates in clearpass but does not receive IP.
In the controller the IP receives the IP correctly, but this same IP is not received in the user who authenticates in the clearpass. DHCP is running normally on the client.

Have you enabled "Profile Endpoints" in your ClearPass service? And In the profile tab, select any category/any OS

Yes I have.

 

Don’t quite understand your issue , are you able to see that ClearPass was able to profiled and categorized the device (s) under the endpoint db ?

Or you are concern that the ip address reflected under the endpoint db doesn’t match the assigned IP on the device itself?

Sent from Mail for Windows 10

As for the Endpoint, I believe that it is categorizing correctly according to the images below, but it is not able to assign IP of this VLAN, not even in the controller can get the IP.

Look in access tracker and make sure you are returning the correct user-role from ClearPass and if the correct user-role is being sent then verify that are using the necessary ACLs under the user-role

You can run the show user-role | include to validate what role the device is getting

Then run the show rights to see the level of access under the device role


Thank you

Victor Fabian

Pardon typos sent from Mobile

See the commands on the controller

any idea how to solve it?

As victor suggested have you checked the profile CPPM is sending to Controller and role client is receving in access tracker? If this detials are correct then I would recommand to file AOS tac ticket.

 

No Yet . I opened a TAC but it still has not been resolved.