Security

I'm using the endpoint profiler in clearpass to detect Windows XP machines which are then dropped  into a quarantine vlan with a captive portal that says "Windows XP not supported...."

We did test this on a network team laptop and everything seemed to work .... and now it doesn't

What seems to have hapened is that for whatever reason, the endpoint profiler has decided to assign the XP machine a Device Name of Windows and not Windows XP. The other Windows device names are self explanatory but under what conditions does clearpass just define a device as "Windows" ?

What's also strange is that all the machines ( there are 10 of them out of 63000 ish ) are in our network team office and we know that a whole batch of them are Windows 7 machines. Can't be a coincidence...

What about embedded XP devices such as EPOS devices, do they come up as Windows XP or something else?

Rgds

A

Yes but we don't assign IP addresses from them. We have another system that provides 

DHCP services for both our wired and wireless networks.

I've set up an IP Helper address on all routing endpoints in our network to forward DHCP requests to clearpass. That way clearpass gets to see every device using our network  and I can see what device types clearpass thinks a client is.

A

If you enable IF-MAP, you can use a combination of the IF-MAP data and the Aruba-Device-Type from the RADIUS request as a way to tag Windows XP devices.

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Tip-Using-IF-MAP-fingerprints-to-identify-legacy-devices/m-p/156396/