Requirement:
The Setup must be running minimum ArubaOS 8.0.1 or above.
Solution:Starting from ArubaOS 8.0.1.0, the device type classification is enhanced to identify the device type for each client, determine firewall policies, and customize to meet the requirement of the end user. The device type information is sent from ClearPass to ArubaOS.
The device identification features in ArubaOS can also automatically identify different client device types and operating systems by parsing the User-Agent strings in the client’s HTTP packets. To enable this feature, select the Device Type Classification option in the AP’s AAA profile.
To gather the information required to manage and establish WebSocket interface to the ClearPass Insight server, configure ClearPass WebSocket profile. Once the connection is established, the user can subscribe/unsubscribe and receive device profile information for the subscribed stations.
Note: Prior to establishing the WebSocket interface with ClearPass Insight server the issuer certificate of the server must be imported to the controller as TrustedCA certificate.
Configuration:From WebUI:
Follow the steps below to configure the ClearPass WebSocket interface and the primary and secondary ClearPass Insight server:
1. In the Mobility Master node hierarchy, navigate to Configuration > System > Profiles tab.
2. From All Profiles select Other Profiles > ClearPass WebSocket.
3. Select ClearPass WebSocket Interface checkbox to enable this option and to connect to ClearPass WebSocket.
4. Enter appropriate values in the host and port name fields.
5. Enter appropriate values in the parameters listed below the Primary ClearPass Insight Server and Secondary ClearPass Insight Server fields.
6. Click Submit.
7. Click Pending Changes.
8. In the Pending Changes window, select the check box and click Deploy changes.
From CLI:
Syntax:
(ArubaMM) [mynode] #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(ArubaMM) [mynode] (config) #websocket clearpass
(host) [mynode] (ClearPass WebSocket Profile) #primary host <host> port <1-65535> username <username> passwd <passwd>
(host) [mynode] (ClearPass WebSocket Profile) #secondary host <host> port <1-65535> username <username> passwd <passwd>
(host) [mynode] (ClearPass WebSocket Profile) #enable
Example:
(ArubaMM) [mynode] #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(ArubaMM) [mynode] (config) #websocket clearpass
(ArubaMM) ^[mynode] (ClearPass WebSocket Profile) #primary host 172.16.0.154 port 443 username admin passwd arubatest
(ArubaMM) ^[mynode] (ClearPass WebSocket Profile) #secondary host 172.16.0.155 port 443 username admin passwd arubatest
(ArubaMM) ^[mynode] (ClearPass WebSocket Profile) #enable
(ArubaMM) ^[mynode] (ClearPass WebSocket Profile) #exit
(ArubaMM) ^[mynode] (config) #write memory
Saving Configuration...
Partial configuration for /mm/mynode
------------------------------------
Contents of : /flash/config/partial/86/p=sc=mynode.cfg
papi-security
!
websocket clearpass
enable
primary host "172.16.0.154" port 443 username "admin" passwd eac97450523be508e6dbb963d5d32277633237b56350d878
secondary host "172.16.0.155" port 443 username "admin" passwd e920fec34cc91f582098954fd4598fc976d18d5c18d7b75b
!
Configuration Saved.
(ArubaMM) [mynode] (config) #
Note: Only admin, apiadmin, and clusteradmin can configure ClearPass WebSocket profile.
Verification(ArubaMM) [mynode] (config) #show websocket state clearpass
ClearPass WebSocket Connection State [Interface: Enabled]
---------------------------------------------------------
Server State
------ -----
Primary: 172.16.0.154:443 DOWN
Secondary: 172.16.0.155:443 DOWN
(ArubaMM) [mynode] (config) #
(ArubaMM) [mynode] (config) #show websocket statistics clearpass
ClearPass WebSocket Interface Statistics Summary
------------------------------------------------
DevId Replayed DevId Created DevId Deleted SUB Item Sent SUB Msg Sent UNSUB Item Sent UNSUB Msg Sent PUB Item Received PUB Item Posted
-------------- ------------- ------------- ------------- ------------ --------------- -------------- ----------------- ---------------
0 0 0 0 0 0 0 0 0
(ArubaMM) [mynode] (config) #