Users Guide
318 | ClearPass Policy Manager Profile Dell Networking W-ClearPass Policy Manager 6.3 |ξUser Guide
Figure 317: SNMP Read/Write Settings Tabs
In large or geographically spread cluster deployments, you do not want all CPPM nodes to probe all SNMP configured
devices. The default behavior is for a CPPM node in the cluster to read network device information only for devices
configured to send traps to that CPPM node.
Subnet Scan
A network subnet scan is used to discover IP addresses of devices in the network. The devices discovered this way are
further probed using SNMP to fingerprint and assign a Profile to the device. Network subnets to scan. Subnets to scan
are configured per CPPM Zone. This is particularly useful in deployments that are geographically distributed. In such
deployments, it is recommended that you assign the CPPM nodes in a cluster to multiple βZonesβ (from Administration
> Server Configuration > Manage Policy Manager Zones) depending on the geographical area served by that node, and
enable Profile on at least one node per zone.
For more information, see "Manage Policy Manager Zones" on page 354.
Figure 318: Subnet Scans page
Profiling
The Profile module uses a two-stage approach to classify endpoints using input attributes.
Stage 1
Stage 1 tries to derive device profiles using static dictionary lookups. Based on the available attributes available, Stage
1 looks up DHCP, HTTP, ActiveSync, MAC OUI, and SNMP dictionaries and derives multiple matching profiles.
After multiple matches are returned, the priority of the source that provided the attribute is used to select the
appropriate profile. The following list shows the decreasing order of priority.
l OnGuard/ActiveSync plugin
l HTTP User-Agent