Security

Reply
Frequent Contributor I

Endpoint profiling - force re-profile

I've been playing around with wired 802.1x w/ MAC authentication fallback - doing authorisation based on device fingerprint in the endpoint database.

 

Is there any way to force the endpoint's profile information to be updated with every DHCP request that gets relayed to ClearPass? Looking at using this mechanism to stop MAC address spoofing...


Accepted Solutions
Highlighted
Moderator

Re: Endpoint profiling - force re-profile

That already happens. If the endpoint category changes, the Conflict flag will be changed to true.

Sent from Nine<>


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post


All Replies
Highlighted
Moderator

Re: Endpoint profiling - force re-profile

That already happens. If the endpoint category changes, the Conflict flag will be changed to true.

Sent from Nine<>


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post

Highlighted
Frequent Contributor I

Re: Endpoint profiling - force re-profile

Cool - are there any time constraints around this? Or caching?

 

Is there any special config required or just pointing DHCP helpers to ClearPass?

Highlighted
Moderator

Re: Endpoint profiling - force re-profile

No, just the DHCP helper address or span port.

Sent from Nine<>


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: