Frequent Contributor I

Best Practice For ClearPass with VIA VPN?

Is there any documentation showing best practice or samples for configuring ClearPass with an Aruba Controller using VIA?

Re: Best Practice For ClearPass with VIA VPN?

There isn't a doc, but what are you trying to do? I can try pointing you in the right direction.
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Frequent Contributor I

Re: Best Practice For ClearPass with VIA VPN?

I want to get a basic setup working first with just username/password authentication using ClearPass Policy Manager to pass a role back to the controller. Once I get that working I would expand it to include different roles based on if a device can do EAP-TLS authentication with a CP Onboard cert, or based on AD group membership of the userid, etc.

Guru Elite

Re: Best Practice For ClearPass with VIA VPN?

These should help you get started.

[Attached images: via-a-1.PNG, via-a-2.PNG, via-b-1.PNG, via-b-2.PNG, via-b-3.PNG]


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor

Re: Best Practice For ClearPass with VIA VPN?

I do not see the NAS-Port-Type field with the value "Virtual (5)" in the RADIUS request.

Instead I see this value: "802.11 (19)". What may be wrong?

Re: Best Practice For ClearPass with VIA VPN?

That would point to your request coming over wireless. Are you certain this is a VIA request and not something from the wireless network?

Occasional Contributor I

Re: Best Practice For ClearPass with VIA VPN?

Tim,

My question is in reference to the Authentication Method you created for EAP-TLS. Which bits did you flip in that customized Method to get things to work with your CA?

We run our own Root CA here and I'm trying to get this bugger to perform VIA over EAP-TLS now instead of MSCHAPv2.

I've got my CA uploaded to my ClearPass and all of my clients have certs pushed via GPO, so I think I'm good there. Not sure how to groom my AuthMethod.

Also, any coaching on the Controller side would be greatly assistive. As I see it, the only two VIA Auth Methods supported are PAP and MSCHAPv2.

My connection profile seems to be correct as I see it here. Any coaching would be appreciated.

[Attached image: VIA_ConnectionProfile.jpg]

Thanks a TON in advance.
