About Generic Devices Page
The generic devices Generic devices are unknown devices which cannot be classified using any of the system or user defined classification criteria. Generic devices do not contain enough fingerprint data to classify them. Generic devices are grouped into device clusters by similar properties and can then be classified by the user either by assigning a classification set to the device cluster or creating a user defined rule. that have accessed your wired and or wireless network for a specified date range. These devices are discovered by the different collectors deployed in your environment. Devices that cannot be classified by system rules A rule is a user defined classification set used by the system to classify unknown (generic) devices or reclassify devices. Rule classification overrides system classification. or user defined rules are grouped together by similar attributes and placed into device clusters A device cluster is a logical group of devices having similar properties. using machine learning.
page displays all the differentThe Analyzer process within ClearPass Device Insight attempts to classify all of the devices that access your network. Devices which the Analyzer process cannot classify using any system rules or user-defined rules are considered generic (unknown) devices. To assist you with classifying these generic devices Generic devices are unknown devices which cannot be classified using any of the system or user defined classification criteria. Generic devices do not contain enough fingerprint data to classify them. Generic devices are grouped into device clusters by similar properties and can then be classified by the user either by assigning a classification set to the device cluster or creating a user defined rule. and to save you time, ClearPass Device Insight uses machine learning clustering to dynamically create device clusters A device cluster is a logical group of devices having similar properties. that contain similar generic devices. You can then access these device clusters and assign a classification set to those devices.
To assist you with the classification process, machine learning clustering provides up to three classification recommendations in the device cluster when available. These recommendations are gathered from existing similar classified devices in the device cluster or other tenants. You can select one of the system recommendations to classify the generic devices or you have the option to assign your own classification to the generic devices if you do not agree with the recommendations.
High-Level Machine Learning Clustering Process Flow
Following is a high-level process flow of machine learning clustering:
- Analyzing Device Attributes
- Running LDA Topic Modeling
- Running Machine Learning Hierarchical Clustering Algorithm
- Running TCP Fingerprint Classifier
- Devices Without Fingerprint Data
Analyzing Device Attributes
The Analyzer process analyzes device attributes including communication and behavior patterns. It classifies all of the devices it can using MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. range classifier, system rules, and user-defined rules that have been defined. When a device cannot be classified using system rules or user-defined rules, the Analyzer assigns that device to the device cluster. You can view this device cluster on the page.
When a device is initially placed in the
device cluster this means that the machine learning hierarchical clustering algorithm has not yet run to classify the devices and create device clusters. Machine learning clustering runs every 12 hours.For every generic device, data is loaded for at least one hour to a maximum of the last active 14 days (activity may not be consecutive) that can go back as far as 90 days. Devices that are not active in the last 90 days stay with the last cluster assigned to them but disappear from the
page. The page only displays the device clusters for devices active in the past 90 days. As long as the device is active in the last 90 days, it is assigned to some device cluster which can be different from the device cluster it was assigned to in the last run.Running LDA Topic Modeling
Latent Dirichlet Allocation (LDA) topic modeling runs on the data which contains both classified and unclassified devices (generic devices) that have a MAC OUI Organizationally Unique Identifier. Synonymous with company ID or vendor ID, an OUI is a 24-bit, globally unique assigned number, referenced by various standards. The first half of a MAC address is OUI. (not synthetic) and sufficient DHCP Dynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network. options.
Running Machine Learning Hierarchical Clustering Algorithm
The LDA output is run through a machine learning hierarchical clustering algorithm to form device clusters. This process provides classification recommendations that are displayed in the device cluster that are gathered from the following:
Similar classified devices in the same device cluster.
Device data (seed data) from other tenants (customers) which is a sub-sampling of their data.
Classification recommendations provided in the device cluster are based on the percentage of classified devices in the device cluster. You can view these device clusters on the
page.Using the
dialog you can manage the classification details for a specific cluster. The classification recommendations are displayed on the dialog. If a device cluster is based on LDA clustering, the following message is displayed below :Recommendations based on [XXX (quantity of devices)] similar classified devices.
If a device cluster is based on LDA clustering, but also includes seed data from the other tenants, the following message is displayed below
:Recommendations based on [XXX (quantity of devices)] similar and augmented classified devices.
Classified devices used from the seed set are not displayed in the user interface.
If a classification recommendation has a 95 percent or better confidence rating, it is automatically assigned to the devices in the device cluster by the system. No user intervention is required for these device clusters.
is displayed in the field for the devices in the dialog.Running TCP Fingerprint Classifier
If a device cannot be assigned a device cluster using LDA-based clustering, an additional TCP Transmission Control Protocol. TCP is a communication protocol that defines the standards for establishing and maintaining network connection for applications to exchange data. fingerprint classifier is run based on the availability of TCP fingerprint data for the device. If it can, device clusters are formed based on similar TCP fingerprints of generic devices within the device cluster. Devices with or without MAC address are considered for TCP fingerprint clustering. This process also provides classification recommendations and they are based on the percentages of the Random Forest class assignments to the generic devices.
Auto classification is not available for TCP fingerprint device clusters. You can view these device clusters on the
page.Using the
dialog you can manage the classification details for a specific cluster. The classification recommendations are displayed on the dialog. If a device cluster is based on TCP fingerprint clustering, the following message is displayed below :Recommendations based on similar TCP fingerprints within this cluster of generic devices.
Devices Without Fingerprint Data
Devices that do not have any fingerprint data are displayed with a tooltip separately on the
page. Devices may not have fingerprint information if DHCP and SPAN traffic is not configured correctly to reach the collector or if active scans have not been run on the collector. To prevent this from occurring, check the network configuration and ensure that DHCP and SPAN traffic is configured to reach the collector and that active scans are scheduled to be run on the collector.For more information, see the following topics:
About Dashboard and List Views
The
page contains a and a view.The
summarizes the device information through individual cards that display different device clusters. From the you can access the following:- device cluster A device cluster is a logical group of devices having similar properties.. dialog where you can assign a classification set to a
- device cluster A device cluster is a logical group of devices having similar properties.. dialog where you can create a rule from scratch using one or more of the attributes from the devices in the
- dialog where you can create a report of the information in the
For more information, see the following topics:
The
view lists the devices in a grid format that are currently filtered in the . From the view you can access the dialog which displays additional details for each specific device.You can easily toggle between the
and the view by selecting the tab and the tab in the upper right hand corner of the page.