Rogue AP and Device profiling using ClearPass
11-27-2017 02:02 PM
Can ClearPass be used as a rogue AP and device detection server? We have several locations with /22 subnets. Is it possible to setup ClearPass to do regular scans on these networks? We'd specifically like to detect if a rogue AP was plugged into the network. Would the ClearPass nmap scans handle this, or would we also need to implement supplemental scanning techniques such as DHCP fingerprinting? Do I need to setup seed devices, or can my ClearPass server handle the scans remotely?
Re: Rogue AP and Device profiling using ClearPass
01-07-2018 06:39 PM
Hi, ClearPass can do on-demand or schedualed network scans from CPPM > Configuration > Profile and Network Scan (note: need CPPM 6.7).
For rogue detection and mitigation you would need Aruba AirWave. CPPM will only scan the network and profile connected devices.