  • 1.  Profiling issue

    Posted Jul 10, 2019 07:15 AM

    Hello, we are using DHCP profiling.

    We have one issue. The endpoint is a laptop (category Computer) and it was not profiled, although it was passing the MAC auth service, an Accept was seen on ClearPass, and ClearPass sent the Allow Access profile.

    This morning the same device was connected and it is profiled correctly.

    Again, we deleted the profiled device from Endpoints in ClearPass and rebooted the laptop, but again it is not profiled.

    We did several shut/unshut of the ports, but the device is still not profiled.

    Is there a certain time to wait for the device to be profiled again (if we remove it from Endpoints)? This is the same case with another device on another switch hitting the MAC auth service.



  • 2.  RE: Profiling issue
    Best Answer

    Posted Jul 11, 2019 07:37 AM

    Most times if you see such an issue, the DHCP request does not reach the ClearPass server. With the Collect Logs option under the system manager you can capture traffic on the ClearPass and verify if the DHCP request reaches the ClearPass. Does your infrastructure allow the DHCP request (do you have a dynamic access list that blocks the request before it can reach the IP helper, does the IP helper see the request, does the IP helper forward the request, is the forwarded request allowed on the path to the ClearPass)?


    Many switches/WLAN require an IP interface on the VLAN where the IP helper is, so make sure that is all configured in the 'profiling VLAN' if you have one.
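
Added example, not part of the original posts and not ClearPass code: one way to check a capture taken on the ClearPass side for DHCP requests from the endpoint's MAC and to see which IP helper (giaddr) relayed them. It assumes the capture is a classic pcap file with Ethernet link type and untagged IPv4 frames; the function names and the sample packet are constructed for illustration.

```python
import struct

MSG = {1: "DISCOVER", 3: "REQUEST", 8: "INFORM"}     # DHCP option 53 values sent by clients

def parse_frame(frame):
    """Return (client_mac, giaddr, message) for a DHCP packet sent to UDP/67, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None                                  # not IPv4/UDP
    udp = 14 + (frame[14] & 0x0F) * 4                # skip Ethernet and IPv4 headers
    bootp = frame[udp + 8:]
    if frame[udp + 2:udp + 4] != b"\x00\x43" or bootp[236:240] != b"\x63\x82\x53\x63":
        return None                                  # not to port 67, or no DHCP magic cookie
    mac = bootp[28:34].hex(":")                      # chaddr: the endpoint's MAC
    giaddr = ".".join(map(str, bootp[24:28]))        # relay (IP helper); 0.0.0.0 = not relayed
    opts, i, mtype = bootp[240:], 0, None
    while i + 1 < len(opts) and opts[i] != 255:      # walk TLV options until END
        if opts[i] == 0:                             # PAD has no length byte
            i += 1
            continue
        if opts[i] == 53 and opts[i + 1] == 1 and i + 2 < len(opts):
            mtype = opts[i + 2]
        i += 2 + opts[i + 1]
    return mac, giaddr, MSG.get(mtype, "other")

def dhcp_from(pcap, mac):
    """List (giaddr, message) for each DHCP client packet from `mac` in an Ethernet pcap."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap with Ethernet link type")
    hits, off = [], 24
    while off + 16 <= len(pcap):                     # 16-byte record header per packet
        incl = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        rec = parse_frame(pcap[off + 16:off + 16 + incl])
        if rec and rec[0] == mac.lower():
            hits.append(rec[1:])
        off += 16 + incl
    return hits

def sample_pcap():
    """Constructed capture: one DISCOVER from 02:00:00:aa:bb:01 relayed by 192.0.2.1."""
    bootp = (bytes([1, 1, 6, 1]) + bytes(20) + bytes([192, 0, 2, 1])
             + bytes.fromhex("020000aabb01") + bytes(10 + 64 + 128)
             + b"\x63\x82\x53\x63" + bytes([53, 1, 1, 255]))
    udp = struct.pack("!HHHH", 67, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 10])) + udp
    frame = bytes(6) + bytes(6) + b"\x08\x00" + ip
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
            + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame)
```

An empty result for the endpoint's MAC means no DHCP request from it is in the capture; a hit shows which relay address forwarded it.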



  • 3.  RE: Profiling issue

    Posted Jul 12, 2019 07:19 AM

    Hi Herman, indeed it was DHCP which was coming on to ClearPass.

    Thanks for your help as always.


    @Herman Robers wrote:

    Most times if you see such an issue, the DHCP request does not reach the ClearPass server. With the Collect Logs option under the system manager you can capture traffic on the ClearPass and verify if the DHCP request reaches the ClearPass. Does your infrastructure allow the DHCP request (do you have a dynamic access list that blocks the request before it can reach the IP helper, does the IP helper see the request, does the IP helper forward the request, is the forwarded request allowed on the path to the ClearPass)?


    Many switches/WLAN require an IP interface on the VLAN where the IP helper is, so make sure that is all configured in the 'profiling VLAN' if you have one.