Occasional Contributor I
Posts: 5
Registered: ‎02-05-2015

Clearpass - Onguard - setup

Hello,

I am new to Aruba. I was trying to set up ClearPass for posture assessment of wired dot1x network connections. We use 3750 Cisco switches and authentication is against AD servers.

Is there a setup guide available that I can find?

I'm trying to accomplish the following:

1. User connects the computer.
2. OnGuard does the posture assessment; if it passes,
3. ClearPass looks for his/her department and assigns the VLAN.
4. If it fails, shows the remediation or does auto-remediation.

 

I got the VLAN assignment part working, as that seems self-explanatory.

I understand that we have multiple options for doing the posture assessment:

1. Webpage
2. Install application

We would like to look at both.

If someone can point me to a configuration guide or suggest ideas, I will be grateful.

Thanks!

 

 

Guru Elite
Posts: 7,839
Registered: ‎09-08-2010

Re: Clearpass - Onguard - setup

Are you working with an Aruba partner? It can be a bit complex to explain on here. 


Thanks, 
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor I
Posts: 5
Registered: ‎02-05-2015

Re: Clearpass - Onguard - setup


This is what I have done so far.

We are using 802.1x to AD authentication on Cisco 3750 switches.

On ClearPass:

Configuration -> service (new service) - 802.1x wired

- defaults in the service
- authentication to AD server
- we are not doing any roles

Enforcement - new policy - I have created 2 conditions.

1. tips:role equals {user authentication} and tips:posture equals healthy(0)

   Then assign employee VLAN

2. tips:role equals {user authentication} and tips:posture NOT_Equals healthy(0)

   Then cisco-wired onguard redirect and temporary VLAN

For the cisco-wired onguard redirect profile I have set a URL redirect to ClearPass OnGuard.

 

---Testing---

Connected a Windows 7 machine to the port - it does the authentication and fails right away.

However, in the Access Tracker in ClearPass, I can see that login-status is ACCEPT, and the summary says it's using the right service that I have created and it falls under condition 2.

In the output it's sending the VLAN attributes for the temporary VLAN and the cisco-avpair URL redirect.

As it's not authenticating, I can't get to the URL. However, in the profiles, when I remove the RADIUS attribute for URL redirect and keep just the VLAN, the machine authenticates with my credentials and gives me the VLAN I need, but without posture assessment.

One thing I have noticed is that in Access Tracker - Summary - I see the below:

System Posture Status: UNKNOWN (100)

I must be missing something. Any help will be much appreciated.

Guru Elite
Posts: 7,839
Registered: ‎09-08-2010

Re: Clearpass - Onguard - setup

Is it machine authenticating or user?

What does the Alerts tab say?

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor I
Posts: 5
Registered: ‎02-05-2015

Re: Clearpass - Onguard - setup

Yes, authentication using user credentials.

In the Access Tracker I only see Summary, Input and Output. I don't see an Alerts tab.
