Security

Reply
Contributor II

CPPM PAN integration for 802.1X and Guest MAC Caching

Following this document...

 

https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=17560

 

...I configured my enforcement profile as described on page 19. Am I to understand that when configured exactly as described, CPPM will inform PAN/Panorama of the username, regardless of the type of CPPM service (e.g. 802.1X, Guest MAC caching or Guest captive portal)? It seems to me that unless we explicitly call some variable from the authentication request such as Radius:IETF:User-Name or Endpoint:Username (assuming this attribute exists), it's not very clear what info gets sent to PAN.

 

I see in an older document (https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=14554) that we actually call "Session-Check" referencing the above variable, but this is not consistent in the newer document. It doesn't seem to me that ClearPass can just make an educated guess; it needs to be told which attribute to send to PAN for the username.

 

To summarize in case it's not clear, I'm trying to make sure I'm getting my enforcement profiles set up correctly to send the appropriate username in all cases.

 

We are on 6.6.5.

Tim Haynie, ACMX #508, ACDX #384, ACCP, CWSP, CWAP, CWDP, CCNP R/S, CCNP Wireless, CCNA Security, CCDA
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: