Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Profiling tunneled users using IF-MAP

This thread has been viewed 6 times

  • 1.  Profiling tunneled users using IF-MAP

    Posted Jul 22, 2019 04:35 AM

    Hello,

    Is it possible to profile wired tunneled users/devices using IF-MAP? I have enabled IF-MAP on MC. I can see fingerprint details (application data) of wireless users (corporate users - not Guest or onboarded users) in Clearpass, but there are no fingerprint details (application data) of wired users. Wired user is present in MC Client list and it is tunneled.

    Any ideas?

     

    Thank you,

    Paulius Ivanauskas



  • 2.  RE: Profiling tunneled users using IF-MAP

    EMPLOYEE
    Posted Jul 22, 2019 06:06 AM

    To be honest, I don;t have a direct answe to your question:

     

    IF-MAP is used to send client details from a controller to ClearPass.  These details are typically available if the device communicates over port 80 and has a browser agent that is recognized.  Type "show aaa device-id-cache" to see if your device is recognized on the MD first to see if that information is available.



  • 3.  RE: Profiling tunneled users using IF-MAP

    Posted Jul 24, 2019 07:01 AM

    Hello,

    It is not recognised.

    Actually, what I saw was my User in Traffic analysis>User list (cli command "show users" also gives info about it). The User was not present in Client list. Also command " show aaa device-id-cache mac " has shown that there was no info about it.

    "show tunneled-node-mgr tunneled-users" shows that my user is tunneled succesfully.

    Why tunneled user is not showing up in Client list/ device-id-cache?