Requirement:To download roles from the CPPM server, the Mobility Controller requires to provide the CPPM server admin credentials starting from CPPM 6.4.3.
The controller authentication to ClearPass Policy Manager (CPPM) is enhanced to use a configurable username and password instead of a support password. The support password is vulnerable to attacks as the server
certificate presented by CPPM server is not validated.
Solution:To achieve this, a new CLI command is introduced in ArubaOS 6.4.2.6. Using this command,
Configuration:In the WebUI:
To configure controller authentication to CPPM:
1. Navigate to Configuration > Security> Authentication> Servers.
2. Under Radius Server, select the server name.
3. Enter the cppm_username and cppm_password parameters in the CPPM credentials field.
4. Click Apply.
In the CLI:
To configure controller authentication to CPPM:
(host) (config) #aaa authentication-server radius <radius_server_name>
(host) (RADIUS Server "<radius_server_name>") #cppm username <username> password <password>
VerificationTo view status of controller authenticating to CPPM:
(host) #show aaa authentication-server radius <radius_server_name>
RADIUS Server "<radius_server_name>"
--------------------
Parameter Value
--------- -----
Host 127.0.0.1
Key ********
CPPM credentials Kevin/*********
..
..
called-station-id macaddr colon disable
Verified and tested in 6.4.2.6 image version.