Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Profiling with nmap

  • 1.  Profiling with nmap

    Posted Jan 03, 2020 07:25 AM

    Hello, we are having an issue. We have deployed Wired NAC.

    Out of 23 endpoints, CPPM is able to profile (DHCP) 16 endpoints.

    The remaining ones: some have static IPs and some are still dynamic.

    Can we make use of CPPM nmap to do a scan of the subnet and do profiling? The goal is to standardize what is to be done for devices which are not profiled by CPPM. We have around 200 sites, so we want to use the nmap service on CPPM if it can help to profile in case DHCP profiling fails.



  • 2.  RE: Profiling with nmap

    EMPLOYEE
    Posted Jan 03, 2020 09:04 AM

    Make sure Fingerprints are up to date under Administration » Agents and Software Updates » Software Updates » Posture & Profile Data Updates section.

    We can use an nmap scan to profile devices, but adding the CPPM IP as an IP helper should profile the devices. Sometimes, if ClearPass does not have the latest fingerprints, or with non-supported fingerprints, we see such issues.



  • 3.  RE: Profiling with nmap

    Posted Jan 03, 2020 09:59 AM
    Hi pawan.

    The end profiler was updated in 2018.

    About the nmap scan, can you let me know how to do it? Does it scan on a specific port or only SNMP?


  • 4.  RE: Profiling with nmap

    EMPLOYEE
    Posted Jan 03, 2020 11:12 AM

    I would recommend updating Fingerprints to the latest.

    Link provides steps:

    https://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Does-CPPM-profiles-end-devices-using-NMAP/ta-p/279177

    ClearPass Profiling TechNote Documents:

    https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=33255

    https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=33256


    Subnet Scan
    ClearPass uses subnet scans to discover and profile devices with statically assigned IP
    addresses. Scans are automatically run every day or can be run on demand.
    For each scanned address ClearPass will:
    • If port 22 is open, attempt to use SSH to login and gather additional data
    • If port 135 is open, attempt to use WMI to login and gather additional data
    • If port 161 is open, attempt to query SNMP information
    • If port 135 and 3389 is open, assume that the endpoint is Windows-based
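
Added example (not part of the thread and not ClearPass code): a pre-check that reads `nmap -oG` output for a site subnet and reports, per address, which of the subnet-scan steps quoted above could apply, so that static-IP endpoints exposing none of those ports are known before relying on the scan. The sample scan output, the function names and the rule that only state `open` counts are assumptions.

```python
import re

# Port-to-step mapping taken from the Subnet Scan text quoted in the thread.
ACTIONS = {22: "SSH login", 135: "WMI login", 161: "SNMP query"}

# Constructed sample of `nmap -oG` (grepable) output; addresses are RFC 5737.
SAMPLE = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, "
    "135/closed/tcp//msrpc///, 161/open/udp//snmp///\n"
    "Host: 192.0.2.20 ()\tPorts: 135/open/tcp//msrpc///, "
    "3389/open/tcp//ms-wbt-server///\n"
    "Host: 192.0.2.30 ()\tPorts: 22/filtered/tcp//ssh///, "
    "161/open|filtered/udp//snmp///\n"
)

HOST_RE = re.compile(r"Host: (\S+) .*?Ports: ([^\t]+)")

def plan(grepable):
    """Map each scanned IP to the subnet-scan steps its open ports allow."""
    result = {}
    for line in grepable.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and "Status:" lines carry no port list
        opened = set()
        for entry in m.group(2).split(","):
            fields = entry.strip().split("/")  # port/state/proto/...
            # Assumption: only a definite "open" counts, not "open|filtered".
            if len(fields) >= 2 and fields[0].isdigit() and fields[1] == "open":
                opened.add(int(fields[0]))
        steps = [ACTIONS[p] for p in sorted(ACTIONS) if p in opened]
        if {135, 3389} <= opened:
            steps.append("assume Windows")
        result[m.group(1)] = steps
    return result

def no_listed_method(grepable):
    """IPs where none of the ports named in the TechNote excerpt is open."""
    return sorted(ip for ip, steps in plan(grepable).items() if not steps)

if __name__ == "__main__":
    for ip, steps in plan(SAMPLE).items():
        print(ip, "->", ", ".join(steps) or "none of the listed ports open")
```
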