Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Profiling for devices with no DHCP

  • 1.  Profiling for devices with no DHCP

    Posted Nov 16, 2018 08:59 AM
    Hi community,

    I know ClearPass uses several collectors for profiling, the most important of which is DHCP. If I have devices with static IPs, such as phones and printers, can ClearPass fingerprint these devices? Will the fingerprint accuracy depend on the device?

    Regards,
    Julián


  • 2.  RE: Profiling for devices with no DHCP

    EMPLOYEE
    Posted Nov 16, 2018 09:04 AM

    Please read "Discovering endpoint with static IP address" in the ClearPass Profiling tech note here:  https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/EntryId/7961/Default.aspx



  • 3.  RE: Profiling for devices with no DHCP

    Posted Nov 16, 2018 10:30 AM
    When you add a device, make sure to add the SNMP read string and enable collecting ARP information from the NAD.


  • 4.  RE: Profiling for devices with no DHCP

    Posted Nov 16, 2018 11:21 AM

    Hi,

    Then for printers and phones CPPM will fingerprint the devices through SNMP. The Tech Note also says MAC OUI can be used: "MAC OUI is also useful to profile devices such as printers which may be configured with static IP addresses."

    At my customer, many of the devices are slot machines, so I am not sure if they support SNMP. Also, other collectors such as HTTP or OnGuard are not an option for these machines, and neither is TCP Fingerprinting, since my CPPM is a VM and the Tech Note says "Within a VM environment if the DATA Port is being used then the ability to use TCP Fingerprinting is not an option."

    Will those machines be fingerprinted through MAC OUI? Many thanks for your interest.

    Regards,

    Julián



  • 5.  RE: Profiling for devices with no DHCP

    EMPLOYEE
    Posted Nov 17, 2018 02:20 PM
    What Victor is talking about is your switch: when it's added to ClearPass as a NAD, ClearPass will read the ARP table, and that should at least get you some profiling visibility of static IP devices that way.


  • 6.  RE: Profiling for devices with no DHCP

    Posted Nov 19, 2018 12:18 PM

    OK, I understand.

    I also understand that printers and phones can be fingerprinted through MAC OUI.

    "MAC OUI is also useful to profile devices such as printers which may be configured with static IP addresses. MAC OUI fingerprints are also automatically updated periodically in ClearPass."

    For the customer's slot machines, maybe ClearPass will classify these devices through MAC OUI as generic devices. If so, can I create a fingerprint rule to automatically classify these devices through MAC OUI?

    Regards,

    Julián



  • 7.  RE: Profiling for devices with no DHCP

    EMPLOYEE
    Posted Nov 19, 2018 01:45 PM

    Yes, if you update the generic devices classification, it will get saved into ClearPass's database and will help to correctly fingerprint those devices in the future.
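
The MAC OUI classification discussed in this thread, sketched as an added example (not ClearPass code and not written by any poster): it takes IP/MAC pairs of the kind read from a NAD's ARP table and applies a custom OUI rule. The OUI prefixes, category names and ARP entries are constructed for illustration, and the separate handling of multicast and locally administered MACs is an addition made here.

```python
import re

# Constructed OUI rules (placeholders, not real vendor assignments).
# A site would replace these with the prefixes seen on its own devices.
OUI_RULES = {
    "F00D00": ("Gaming", "Slot Machine"),
    "C0FFEE": ("Printer", "Network Printer"),
}

def normalize_mac(raw):
    """Accept colon, hyphen or dotted notation; return 12 hex digits or None."""
    digits = re.sub(r"[:.\-\s]", "", raw).upper()
    return digits if re.fullmatch(r"[0-9A-F]{12}", digits) else None

def classify(raw_mac):
    """Classify one MAC by OUI, refusing prefixes that carry no vendor meaning."""
    mac = normalize_mac(raw_mac)
    if mac is None:
        return "invalid"
    first_octet = int(mac[:2], 16)
    if first_octet & 0x01:
        return "multicast"             # group address, not a device
    if first_octet & 0x02:
        return "locally-administered"  # self-assigned MAC, OUI is not a vendor
    rule = OUI_RULES.get(mac[:6])
    return "/".join(rule) if rule else "unprofiled"

def profile_arp_table(entries):
    """Map each IP in an ARP table (list of (ip, mac) pairs) to a category."""
    return {ip: classify(mac) for ip, mac in entries}

# Constructed ARP entries for static-IP devices, in mixed MAC notations.
ARP_SAMPLE = [
    ("10.20.0.11", "f0:0d:00:12:34:56"),
    ("10.20.0.12", "F00D.00AB.CDEF"),
    ("10.20.0.30", "c0-ff-ee-00-00-01"),
    ("10.20.0.40", "3a:11:22:33:44:55"),
    ("10.20.0.50", "00:53:00:aa:bb:cc"),
]

if __name__ == "__main__":
    for ip, category in profile_arp_table(ARP_SAMPLE).items():
        print(f"{ip:<12} {category}")
```

Entries that come back as "unprofiled" are the ones that would need a new rule before they can be classified automatically.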