Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Virtual Appliances

451

452

453

454

455

456

457

458

459

460

454 | W-ClearPass Policy Manager Profile Dell Networking W-ClearPass Policy Manager 6.6 | User Guide

MAC OUI Collector

The MAC OUI (Organization Unique Identifier) is expressed in the first 24 bits of a MAC address for a network-

connected device. Thus, the MAC OUI indicates the specific vendor for that device. The MAC OUI is acquired

through various authentication mechanisms, such as 802.1X and MAC address authentication.

The MAC OUI can be useful to more accurately classify endpoints. An example is Android™ devices where

DHCP fingerprints can only classify a device as generic Android, but it cannot provide more details regarding

the vendor.

Combining this information with MAC OUI, the W-ClearPass Profiler can classify a device as HTC™ Android,

Samsung™ Android, or Motorola® Droid, etc.

The MAC OUI is also useful to profile devices such as printers that might be configured with static IP addresses.

ActiveSync Plug-in Collector

You can install the ActiveSync plug-in on Microsoft Exchange servers.

When a device communicates with an Exchange server using the Active Sync protocol, the device provides

attributes such as device-type and user-agent.

These attributes are collected by the ActiveSync plug-in and sent to the W-ClearPass Profiler. Profiler uses

dictionaries to derive profiles from these attributes.

W-ClearPass OnGuard Agent

The W-ClearPass OnGuard agent performs advanced endpoint posture assessment. This agent can collect and

send operating system details from endpoints during authentication.

The Policy Manager Profiler uses the OnGuard os_type attribute to derive a profile.

SNMP Collector

Endpoint information obtained by reading the Simple Network Management Protocol (SNMP) MIBs of network

devices is used to discover and profile static IP devices in the network. For related information, see SNMP

Configuration for Wired Network Profiling on page 459.

Table 256 describes the MIBs used by the SNMP Collector.

MIB Description

SysDescr A textual description of the entity used both for profiling switches, controllers, and routers

configured in W-ClearPass, and for profiling printers and other static IP devices

discovered through SNMP or subnet scans (RFC1213).

cdpCacheTable Provides the cached information obtained via receiving CDP (Cisco Discovery Protocol)

messages from CDP-capable devices. Used to discover neighbor devices connected to

the switch or controller configured in W-ClearPass.

lldpRemTable This table contains one or more rows per physical network connection known to this

agent read from LLDP (Link Layer Discovery Protocol)-capable devices. Used to discover

and profile neighbor devices connected to the switch or controller configured in

W-ClearPass.

ARPtable Address Resolution Protocol (ARP) information read from the network devices. Used as a

means to discover endpoints in the network.

Table 256: SNMP MIBs Used by the SNMP Collector