Occasional Contributor II

CLI Enforcement on ClearPass 6.3.0

Just curious if anyone out there is successfully using CLI Enforcement with ClearPass 6.3.0.  The first time I wanted to use the feature was after upgrading CP to 6.3.0, so I'm unfamiliar with what may be a bug or my own config errors.

 

I'm attempting to send a command to my 7220 to blacklist MAC addresses that meet a very specific criteria (per our AUP).  In ClearPass, I see the enforcement profile trigger & the CLI command is generated correctly (visible in output tab), but the station is never blacklisted.  My 7220's logs also never show a login attempt from CP.

Before I go any further, CLI access is definitely enabled in the CP device config for the 7220, and the user/pass config is accurate. :)

 


Looking in the request log details, the only thing out of the ordinary that I can see is the following line:

2014-01-24 08:53:16,228[RequestHandler-1-0x7f726c5e2700 h=1357323 c=R0000cc05-02-52e27e5c] WARN Util.DatatypeUtils - Converting string 192.168.127.250 to integer failed. Trailing characters

 

That seems odd to me.  I've tried configuring the enforcement profile to use the IP from %{Radius:IETF:NAS-IP-Address}, %{Connection:NAD-IP-Address}, and I've set it statically, but each time this warning string appears.

 

Anyway, just seeing if anyone else has had luck where I have not.  Request log attached in case anyone can see something I've missed! :)

Occasional Contributor II

Re: CLI Enforcement on ClearPass 6.3.0

Quick note... request log is in html format.  Had to change the extension to attach.

Guru Elite

Re: CLI Enforcement on ClearPass 6.3.0

CLI Enforcement in CPPM only works with Meru Controllers, unfortunately.



Colin Joseph
Aruba Customer Engineering


Occasional Contributor II

Re: CLI Enforcement on ClearPass 6.3.0

Ah, thanks.  I looked through tech notes & user guides, but didn't see any compatibility statements. Did I miss it somewhere?

 

I'm kinda surprised Aruba doesn't support this on their own controller.

 

Guru Elite

Re: CLI Enforcement on ClearPass 6.3.0

This CLI enforcement was added specifically to support external captive portal on Meru. It might not have been expanded beyond that... let me check.



Colin Joseph
Aruba Customer Engineering


MVP

Re: CLI Enforcement on ClearPass 6.3.0

wow, I so wish somebody had made this topic 3 months earlier

Koen (ACMX #351 | ACDX #547 | ACCP)

Aruba

Re: CLI Enforcement on ClearPass 6.3.0

This has been tested with Cisco and Meru. As of today it does not work with Aruba gear.
Thank You,
Troy
