" Since Aruba CX software version 10.12 the device fingerprint information learnt by the switch can be sent as Vendor Specific Attributes (VSA) to ClearPass RADIUS server in RADIUS accounting packets."

>> see the following blog entry:

how to?

1) create a device fingerprint:
client device-fingerprint profile FINGERPRINT-PROFILE
dhcp option-num 55
dhcp options-list
cdp tlv-name capabilities
cdp tlv-name device-id
cdp tlv-num 4
lldp tlv-name system-name
lldp tlv-num 5
lldp tlv-name port-description
lldp tlv-name system-capabilities

2.) enable the fingerprint profile
To enable the device fingerprint profile this can be enabled globally or under specific interfaces using the command client device-fingerprint apply-profile FINGERPRINT-PROFILE

interface 1/1/1
client device-fingerprint apply-profile FINGERPRINT-PROFILE

3.) send the fingerprint information, to clearpass
aaa radius-attribute group CPPM-RADIUS
vsa vendor aruba type avpair group dfp-client-info

4.) verification:
- DEVSWI# show client device-fingerprint active
- DEVSWI# show client device-fingerprint
- on clearpass you should see the fingerprint information under Configuration > Identity > Endpoints
- you can debug the radius flow and should see the attribute information in a Radius Accouting Request (Vendor Specific (VSA) attribute

computer2know :: thank you for your visit :: have a nice day :: © 2024