Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Rogue AP and Device profiling using ClearPass

This thread has been viewed 4 times

  • 1.  Rogue AP and Device profiling using ClearPass

    Posted Nov 27, 2017 05:02 PM

    Can ClearPass be used as a rogue AP and device detection server?  We have several locations with /22 subnets.  Is it possible to setup ClearPass to do regular scans on these networks?  We'd specifically like to detect if a rogue AP was plugged into the network.  Would the ClearPass nmap scans handle this, or would we also need to implement supplemental scanning techniques such as DHCP fingerprinting?  Do I need to setup seed devices, or can my ClearPass server handle the scans remotely?



  • 2.  RE: Rogue AP and Device profiling using ClearPass

    EMPLOYEE
    Posted Jan 07, 2018 09:40 PM

    Hi, ClearPass can do on-demand or schedualed network scans from CPPM > Configuration > Profile and Network Scan (note: need CPPM 6.7).

     

    For rogue detection and mitigation you would need Aruba AirWave.  CPPM will only scan the network and profile connected devices.