Occasional Contributor II

IF-MAP in Aruba Controller

Hi there,

Problem: Can the IF-MAP collector in the Mobility Controller send endpoint data to ClearPass before the endpoint hits the authentication service?

I am working on a solution to prevent MAC spoofing for the MAC-only authentication service in ClearPass 6.7. The problem with traditional endpoint profile collectors like DHCP fingerprinting is that the AP will collect endpoint data after authentication, which is useless in the case of MAC spoofing prevention. I have found that IF-MAP in the controller can pass endpoint data before authentication so that I can identify endpoint profiler conflicts and block them. Is it possible?

Thanks!

Guru Elite

Re: IF-MAP in Aruba Controller

The IF-MAP collector in the controller can only identify the device based on the user-agent when the device browses or communicates over port 80. So that means the device would have had to be connected to the network and opened a browser or communicated with an application over port 80 first before it can be identified. You can see what has been identified already on an MD (controller) by typing "show aaa device-id-cache".


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Occasional Contributor II

Re: IF-MAP in Aruba Controller

Thanks cjosph,

Is there any workaround for this problem? Our printers will support only MAC authentication.

Guru Elite

Re: IF-MAP in Aruba Controller

There is no workaround. IF-MAP is specifically for devices that can be identified when they communicate on port 80, typically with a web browser.


Guru Elite

Re: IF-MAP in Aruba Controller

IF-MAP should always be configured. The printer may be communicating on port 80 to a software update server (for example).


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.