Wired Intelligent Edge

 View Only
last person joined: yesterday 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Back to discussions
Expand all | Collapse all

Device fingerprinting in ArubaosCX

This thread has been viewed 52 times

  • 1.  Device fingerprinting in ArubaosCX

    Posted Oct 14, 2020 08:54 AM

    With the "normal" ArubaOS switches we  can configure  "device fingerprinting "

    Can we do the same with CX ?



  • 2.  RE: Device fingerprinting in ArubaosCX
    Best Answer

    EMPLOYEE
    Posted Oct 14, 2020 12:14 PM

    There is no current support in CX for Device Fingerprinting.



  • 3.  RE: Device fingerprinting in ArubaosCX

    Posted Sep 08, 2021 07:27 AM

    Wait I am not sure I understand the question can someone help me.  I have been doing device fingerprinting on CX prior to 10.8.  In fact Im pretty sure I been fingerprinting since CX-OS 10.6 at least maybe even earlier.


    Maybe you are asking something different for me I am device fingerprinting at CPPM and then passing a switch role to the switch.  Is the question asking something different?



    ------------------------------
    Alan Scott
    ------------------------------

    Original Message


  • 4.  RE: Device fingerprinting in ArubaosCX

    EMPLOYEE
    Posted Sep 08, 2021 10:02 AM
    Fingerprinting on CPPM (and combined with MAC auth) is something different than this device fingerprinting.

    The fingerprinting discussed here is in the switch to bypass authentication for certain devices like APs. I personally think that is a pretty bad idea, as you lose all visibility, and it can be easily spoofed without leaving a trace in your access tracker. With ClearPass you could do it what probably any AOS-CX version. Fingerprinting in the switch has the benefit that you don't need ClearPass.

    If you have the choice, I would include ClearPass (but you may know that I'm somewhat biased on that topic).

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message


  • 5.  RE: Device fingerprinting in ArubaosCX

    MVP EXPERT
    Posted May 03, 2022 10:45 AM
    Hi Herman,
    Was talking about   still using  cppm, just using the devcie fingerprinting collector capabilities ( cdp, snmp, http, dhcp, lldp) of the switch ( as available in 2930 range) to update whats on clearpass ... still using  clearpass for role application

    Certainly wasn't planning on having  switches doing their own thing and  losing the vlity clearpass goves you
    A

    ------------------------------
    Alex Sharaz
    ------------------------------

    Original Message


  • 6.  RE: Device fingerprinting in ArubaosCX

    MVP EXPERT
    Posted Sep 09, 2021 09:00 AM
    Or do you mean the feature available on a 2930 where you can enable http,lldp,cdp and dhcp collectors on the switch and upload the fingerprints to clearpass?
    Can u do that in CX?

    Sent from my iPhone


    Original Message


  • 7.  RE: Device fingerprinting in ArubaosCX

    EMPLOYEE
    Posted Sep 09, 2021 10:41 AM
    This is the first phase released on AOS-CX.  The integration with other products will come in future releases.  In this phase, there will be limited Central 2.5.4 support, where the hostname can be sent from the client to central via device fingerprinting.

    In other words, the "plumbing" on the switch is there, future Central, ClearPass, and CPDI support will be coming.

    This DFP video can provide more details (starts at 11:46).

    https://www.youtube.com/watch?v=gx0IsHu-gR8


    ------------------------------
    Justin Noonan
    ------------------------------

    Original Message


  • 8.  RE: Device fingerprinting in ArubaosCX

    EMPLOYEE
    Posted Sep 07, 2021 01:34 PM
    Device fingerprinting is supported in ArubaOS-CX version 10.08.  Check out the most current Release Notes or the AOS-CX v10.08 Command-Line Interface Guide for more info.

    ------------------------------
    Jay Wadleigh
    Aruba, an HP Enterprise company
    ------------------------------

    Original Message