Users Guide

ActiveSync Plugin
The ActiveSync plugin is to be installed on Microsoft Exchange servers. When a device communicates with an Exchange
server using the ActiveSync protocol, it provides attributes such as device-type and user-agent. The plugin collects
these attributes and sends them to the CPPM profiler, which uses dictionaries to derive profiles from them.
CPPM OnGuard
The ClearPass OnGuard agent performs advanced endpoint posture assessment. It can collect and send OS details from
endpoints during authentication. The Policy Manager Profiler uses the os_type attribute from OnGuard to derive a
profile.
SNMP
Endpoint information obtained by reading SNMP MIBs of network devices is used to discover and profile static IP
devices in the network. The following information read via SNMP is used:
• sysDescr information from RFC1213 MIB is used to profile the device. This is used both for profiling
  switches/controllers/routers configured in CPPM, and for profiling printers and other static IP devices discovered
  through SNMP or subnet scans.
• cdpCacheTable information read from CDP (Cisco Discovery Protocol) capable devices is used to discover neighbor
  devices connected to a switch/controller configured in CPPM.
• lldpRemTable information read from LLDP (Link Layer Discovery Protocol) capable devices is used to discover
  and profile neighbor devices connected to a switch/controller configured in CPPM.
• ARP table read from network devices is used as a means to discover endpoints in the network.
The SNMP-based mechanism is only capable of profiling devices if they respond to SNMP, or if the device advertises its
capability via LLDP. When performing SNMP reads for a device, CPPM uses the SNMP Read credentials configured in
Network Devices, or defaults to using SNMP v2c with the "public" community string.
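The fallback rule above means a network device with no SNMP Read credentials is read with v2c and "public". The following audit sketch is an added example, not part of the original guide or of ClearPass itself; it applies that rule to a device inventory and lists weak effective settings. The CSV layout, device names and community values are constructed assumptions, not a ClearPass export format.

```python
import csv
import io

# Constructed sample inventory (hypothetical CSV layout, not a ClearPass export).
# An empty snmp_version means no SNMP Read credentials are configured.
SAMPLE_INVENTORY = """name,ip,snmp_version,community
core-sw1,10.0.0.1,v3,
access-sw7,10.0.7.1,v2c,public
wlc-2,10.0.9.2,,
dist-rtr3,10.0.3.1,v2c,n0c-R3ad-7f2a
"""

WELL_KNOWN = {"public", "private"}  # widely known default community strings


def effective_read_settings(row):
    """Apply the rule from the text: configured credentials, else v2c/"public"."""
    version = row["snmp_version"].strip().lower()
    if not version:
        return "v2c", "public", True  # implicit default is in effect
    return version, row["community"].strip(), False


def audit(inventory_csv):
    """Return (device, finding) pairs for weak effective SNMP read settings."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version, community, defaulted = effective_read_settings(row)
        if defaulted:
            findings.append((row["name"], "no read credentials: falls back to v2c/public"))
        elif version in ("v1", "v2c"):
            # v1/v2c carry the community string unencrypted on the wire.
            if community.lower() in WELL_KNOWN:
                findings.append((row["name"], "well-known community string configured"))
            else:
                findings.append((row["name"], "community sent in cleartext (v1/v2c)"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_INVENTORY):
        print(f"{name}: {finding}")
```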
Network Devices configured with SNMP Read enabled are polled periodically for updates based on the time interval
configured in Administration > Server Configuration > Service Parameters tab > ClearPass network services
option > Device Info Poll Interval.
The following additional settings are included with Profile support:
• Read ARP Table Info - Enable this setting if this is a Layer 3 device, and you want to use ARP table on this device
  as a way to discover endpoints in the network. Static IP endpoints discovered this way are further probed via
  SNMP to profile the device.
• Force Read - Enable this setting to ensure that all CPPM nodes in the cluster read SNMP information from this
  device regardless of trap configuration on the device. This option is especially useful when demonstrating static
  IP-based device profiling because this does not require any trap configuration on the network device.
Dell Networking W-ClearPass Policy Manager 6.3 | User Guide ClearPass Policy Manager Profile | 317