Controller Based WLANs

Controller Authentication to CPPM

Aruba Employee
Requirement:

To download roles from the CPPM server, the Mobility Controller requires to provide the CPPM server admin credentials starting from CPPM 6.4.3.

The controller authentication to ClearPass Policy Manager (CPPM) is enhanced to use a configurable username and password instead of a support password. The support password is vulnerable to attacks as the server
certificate presented by CPPM server is not validated.



Solution:

To achieve this, a new CLI command is introduced in ArubaOS 6.4.2.6. Using this command,



Configuration:

In the WebUI:


To configure controller authentication to CPPM:
1. Navigate to Configuration > Security> Authentication> Servers.
2. Under Radius Server, select the server name.
3. Enter the cppm_username and cppm_password parameters in the CPPM credentials field.
4. Click Apply.

In the CLI:


To configure controller authentication to CPPM:
(host) (config) #aaa authentication-server radius <radius_server_name>
(host) (RADIUS Server "<radius_server_name>") #cppm username <username> password <password>



Verification

To view status of controller authenticating to CPPM:


(host) #show aaa authentication-server radius <radius_server_name>
RADIUS Server "<radius_server_name>"
--------------------
Parameter Value
--------- -----
Host 127.0.0.1
Key ********
CPPM credentials Kevin/*********
..
..
called-station-id macaddr colon disable

 

Verified and tested in 6.4.2.6 image version.

Version history
Revision #:
2 of 2
Last update:
‎06-02-2015 11:51 PM
Updated by:
 
Labels (1)
Contributors
Comments

What benefit is there to doing this if we can simply return an Aruba user role via normal RADIUS request/response?

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.