Occasional Contributor II
Posts: 22
Registered: ‎03-14-2014

Check external ClearPass endpoint database

I have a 25k high-capacity guest for external users and a 5k for internal dot1x. When connecting to the public SSID via the 25k, reference the endpoint repository on the 5k to see if the MAC address exists on it and, if so, drop the access at the 25k. I tried this with RADIUS proxy but the device shows up as an endpoint in the 5k. Also have to use a RADIUS proxy service rule, which is different than generic RADIUS. So I tried the generic SQL database using the appexternal and I can get connected, but there is a problem with my query string. This part is still new to me. So basically I want to check the 5k endpoint DB and if the calling station MAC address exists then return the role or drop the connection. When I trip the service I get the error Failed to get value for attributes=[mac-check-db].

 


ACMX #252, ACCP, AWMP, CCNP Wireless & Security
Guru Elite
Posts: 8,460
Registered: ‎09-08-2010

Re: Check external ClearPass endpoint database

Can you post the query you're using?


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 22
Registered: ‎03-14-2014

Re: Check external ClearPass endpoint database

Thanks for the follow-up.

 

SELECT mac FROM endpoints where mac = '%{Radius:IETF:Calling-Station-Id}';

 

 

ACMX #252, ACCP, AWMP, CCNP Wireless & Security
Guru Elite
Posts: 8,460
Registered: ‎09-08-2010

Re: Check external ClearPass endpoint database

Can you try using Connection:Client-Mac-Address-Lower instead of calling station ID?


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 22
Registered: ‎03-14-2014

Re: Check external ClearPass endpoint database

This is the information from the Alerts tab now.

 

 

Failed to construct filter=SELECT mac FROM endpoints where mac = '%{Connection:Client-Mac-Address-Lower}';
.
Failed to get value for attributes=[mac-check-db]

 

Here is how I entered it.

 

SELECT mac FROM endpoints where mac = '%{Connection:Client-Mac-Address-Lower}';

ACMX #252, ACCP, AWMP, CCNP Wireless & Security