Original Message:
Sent: Mar 25, 2024 09:16 AM
From: Smit Bret
Subject: Clearpass configuration
Logging from network devices (like switches) to ClearPass can be beneficial for monitoring and auditing purposes. The UDP port 20514 is commonly used for this purpose, as it allows ClearPass to receive syslog messages from the network devices. It's indeed a standard practice to configure syslog forwarding from network devices to ClearPass, especially for monitoring network access and troubleshooting issues.
Regarding the specific command you provided:
logging host <clearpass IP> transport udp port 20514
This command seems appropriate for Cisco devices to send syslog messages to ClearPass over UDP port 20514. However, it's crucial to ensure that ClearPass is configured to listen on the specified port for syslog messages.
You may want to double-check the ClearPass configuration to verify that it is indeed configured to receive syslog messages over UDP port 20514. If not, you may need to adjust the ClearPass configuration accordingly.
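One way to carry out that double-check from the collector side, as an added example (not code from either poster or from Aruba): bind a UDP listener, push a constructed syslog datagram through it, and confirm the PRI header and Cisco IOS mnemonic parse as expected. The ClearPass port 20514 and the default Cisco local7 facility are taken from the thread; the sample message, the `send_probe` helper and the loopback port choice are assumptions for illustration.

```python
import re
import socket

# Port named in the thread. Confirm it against the ClearPass syslog listener before relying on it.
CLEARPASS_SYSLOG_PORT = 20514

# RFC 3164 header: "<PRI>" then the message. PRI = facility * 8 + severity.
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)
# Cisco IOS mnemonic of the form %FACILITY-SEVERITY-MNEMONIC, e.g. %DOT1X-5-SUCCESS.
MNEMONIC_RE = re.compile(r"%([A-Z0-9_]+)-(\d)-([A-Z0-9_]+)")


def parse_syslog(datagram: bytes) -> dict:
    """Split one syslog datagram into facility, severity, body and (if present) IOS mnemonic."""
    text = datagram.decode("utf-8", errors="replace")
    m = PRI_RE.match(text)
    if m is None:
        raise ValueError("datagram has no <PRI> header")
    pri = int(m.group(1))
    if pri > 191:  # 23 facilities * 8 severities - 1
        raise ValueError(f"PRI {pri} out of range")
    body = m.group(2).strip()
    result = {"facility": pri // 8, "severity": pri % 8, "body": body}
    mm = MNEMONIC_RE.search(body)
    if mm:
        result["mnemonic"] = f"%{mm.group(1)}-{mm.group(2)}-{mm.group(3)}"
        # A switch that relabels severity in PRI but not in the mnemonic is worth noticing.
        result["severity_mismatch"] = int(mm.group(2)) != pri % 8
    return result


def loopback_check(message: str, port: int = 0, timeout: float = 2.0) -> dict:
    """Bind a UDP listener on 127.0.0.1, send `message` to it, and return the parsed datagram.

    port=0 lets the OS pick a free port so the self-test never collides with a real collector;
    pass port=CLEARPASS_SYSLOG_PORT on a test host to confirm nothing else already owns it.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", port))
        rx.settimeout(timeout)
        bound_port = rx.getsockname()[1]
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
            tx.sendto(message.encode("utf-8"), ("127.0.0.1", bound_port))
        data, (src_ip, _src_port) = rx.recvfrom(65535)
    parsed = parse_syslog(data)
    parsed["source"] = src_ip
    parsed["port"] = bound_port
    return parsed


def send_probe(host: str, message: str, port: int = CLEARPASS_SYSLOG_PORT) -> int:
    """Send one datagram towards a real collector and return the byte count handed to the kernel.

    UDP gives no delivery confirmation, so the real check is whether the event shows up
    in the collector's log viewer afterwards.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        return tx.sendto(message.encode("utf-8"), (host, port))


# Constructed sample in the shape of a Cisco IOS 802.1X success event (not captured from a switch).
# PRI 189 = local7 (23) * 8 + notice (5), matching the "-5-" in the mnemonic.
SAMPLE = ("<189>42: *Mar 25 09:16:01.000: %DOT1X-5-SUCCESS: "
          "Authentication successful for client (aabb.cc00.1122) on Interface Gi1/0/1")

if __name__ == "__main__":
    print(loopback_check(SAMPLE))
```

Run it on the ClearPass host (or any box you can reach it from) with `port=CLEARPASS_SYSLOG_PORT`: a bind failure there means something is already listening on 20514, which is the expected state once the ClearPass syslog source is configured; a successful bind means nothing is, and the switch's messages would be dropped.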
Original Message:
Sent: Mar 24, 2024 01:34 PM
From: arubamike
Subject: Clearpass configuration
Hi All,
Working on a ClearPass wired 802.1X deployment and have some questions on configuration best practices. In the deployment, the network devices are Cisco.
Question 1: I noticed in the template from the vendor, they are logging to ClearPass over UDP port 20514. The command below is from the config. I'm familiar with this config/port when using Cisco ISE, but not sure if this is correct for ClearPass. My question is: is it best practice to send syslog from the NAD (switch) to ClearPass, and is this the proper port? I can't find it in the config.
logging host <clearpass IP> transport udp port 20514
Question 2: What's the recommended way to handle profiling when you have endpoint devices that are configured with static IP or in scenarios where there is no option to forward dhcp queries to clearpass?