Computer and IT knowledge - things to know
" Since Aruba CX software version 10.12 the device fingerprint information learnt by the switch can be sent as Vendor Specific Attributes (VSA) to ClearPass RADIUS server in RADIUS accounting packets."
>> see the following blog entry:
https://integratingit.wordpress.com/2023/10/31/aruba-cx-device-fingerprinting/
---------------------------------------------------------------------------------------
how to?
1) create a device fingerprint:
client device-fingerprint profile FINGERPRINT-PROFILE
dhcp option-num 55
dhcp options-list
cdp tlv-name capabilities
cdp tlv-name device-id
cdp tlv-num 4
lldp tlv-name system-name
lldp tlv-num 5
lldp tlv-name port-description
lldp tlv-name system-capabilities
2.) enable the fingerprint profile
To enable the device fingerprint profile this can be enabled globally or under specific interfaces using the command client device-fingerprint apply-profile FINGERPRINT-PROFILE
interface 1/1/1
client device-fingerprint apply-profile FINGERPRINT-PROFILE
3.) send the fingerprint information, to clearpass
aaa radius-attribute group CPPM-RADIUS
vsa vendor aruba type avpair group dfp-client-info
4.) verification:
- DEVSWI# show client device-fingerprint active
- DEVSWI# show client device-fingerprint
- on clearpass you should see the fingerprint information under Configuration > Identity > Endpoints
- you can debug the radius flow and should see the attribute information in a Radius Accouting Request (Vendor Specific (VSA) attribute computer2know :: thank you for your visit :: have a nice day :: © 2024