Controller Based WLANs

How to enable Device Type Classification on Aruba Mobility Master Controller?

Aruba Employee
Requirement:

The Setup must be running minimum ArubaOS 8.0.1 or above.



Solution:

Starting from ArubaOS 8.0.1.0, the device type classification is enhanced to identify the device type for each client, determine firewall policies, and customize to meet the requirement of the end user. The device type information is sent from ClearPass to ArubaOS.

The device identification features in ArubaOS can also automatically identify different client device types and operating systems by parsing the User-Agent strings in the client’s HTTP packets. To enable this feature, select the Device Type Classification option in the AP’s AAA profile.

 

 

To gather the information required to manage and establish WebSocket interface to the ClearPass Insight server, configure ClearPass WebSocket profile. Once the connection is established, the user can subscribe/unsubscribe and receive device profile information for the subscribed stations.

Note: Prior to establishing the WebSocket interface with ClearPass Insight server the issuer certificate of the server must be imported to the controller as TrustedCA certificate.



Configuration:

From WebUI:

Follow the steps below to configure the ClearPass WebSocket interface and the primary and secondary ClearPass Insight server:

 

1. In the Mobility Master node hierarchy, navigate to Configuration > System > Profiles tab.
2. From All Profiles select Other Profiles > ClearPass WebSocket.
3. Select ClearPass WebSocket Interface checkbox to enable this option and to connect to ClearPass WebSocket.
4. Enter appropriate values in the host and port name fields.
5. Enter appropriate values in the parameters listed below the Primary ClearPass Insight Server and Secondary ClearPass Insight Server fields.
6. Click Submit.
7. Click Pending Changes.
8. In the Pending Changes window, select the check box and click Deploy changes.

From CLI

Syntax:

(ArubaMM) [mynode] #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z

(ArubaMM) [mynode] (config) #websocket clearpass
(host) [mynode] (ClearPass WebSocket Profile) #primary host <host> port <1-65535> username <username> passwd <passwd>
(host) [mynode] (ClearPass WebSocket Profile) #secondary host <host> port <1-65535> username <username> passwd <passwd>
(host) [mynode] (ClearPass WebSocket Profile) #enable

Example:

(ArubaMM) [mynode] #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z

(ArubaMM) [mynode] (config) #websocket clearpass
(ArubaMM) ^[mynode] (ClearPass WebSocket Profile) #primary host 172.16.0.154 port 443 username admin passwd arubatest
(ArubaMM) ^[mynode] (ClearPass WebSocket Profile) #secondary host 172.16.0.155 port 443 username admin passwd arubatest
(ArubaMM) ^[mynode] (ClearPass WebSocket Profile) #enable
(ArubaMM) ^[mynode] (ClearPass WebSocket Profile) #exit
(ArubaMM) ^[mynode] (config) #write memory

Saving Configuration...

Partial configuration for /mm/mynode
------------------------------------
Contents of : /flash/config/partial/86/p=sc=mynode.cfg

papi-security
!
websocket clearpass
    enable
    primary host "172.16.0.154" port 443 username "admin" passwd eac97450523be508e6dbb963d5d32277633237b56350d878
    secondary host "172.16.0.155" port 443 username "admin" passwd e920fec34cc91f582098954fd4598fc976d18d5c18d7b75b
!

Configuration Saved.
(ArubaMM) [mynode] (config) #

 

Note: Only admin, apiadmin, and clusteradmin can configure ClearPass WebSocket profile.

 



Verification
(ArubaMM) [mynode] (config) #show websocket state clearpass

ClearPass WebSocket Connection State [Interface: Enabled]
---------------------------------------------------------
            Server            State
            ------            -----
Primary:    172.16.0.154:443  DOWN
Secondary:  172.16.0.155:443  DOWN
(ArubaMM) [mynode] (config) #
(ArubaMM) [mynode] (config) #show websocket statistics clearpass

ClearPass WebSocket Interface Statistics Summary
------------------------------------------------
DevId Replayed  DevId Created  DevId Deleted  SUB Item Sent  SUB Msg Sent  UNSUB Item Sent  UNSUB Msg Sent  PUB Item Received  PUB Item Posted
--------------  -------------  -------------  -------------  ------------  ---------------  --------------  -----------------  ---------------
0               0              0              0              0             0                0               0                  0

(ArubaMM) [mynode] (config) #
Version history
Revision #:
1 of 1
Last update:
‎03-20-2017 02:48 PM
Updated by:
 
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.