Security

Reply
Frequent Contributor II
Posts: 129
Registered: ‎08-07-2013

Clearpass/PAN Wired MAB User-id Issue

I have been following several guides by Danny Jump,

 

ClearPass 6.X and PANW Integration V5

and

PANW and CPPM Advanced Deployment use-case TechNote (V2-July 2014).pdf

 

Which have helped with the wireless integration but I'm missing something in the enforcement policy or profile because wireless. I do not see an accounting tab on the access Tracker but the username is being populated correctly from the Guest Device Repository. I see the IP being updated in the EP database. I can provide more information just not sure where to go next.

 

Thanks,

 

Rosie

Guru Elite
Posts: 8,743
Registered: ‎09-08-2010

Re: Clearpass/PAN Wired MAB User-id Issue

What kind of switch?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor II
Posts: 129
Registered: ‎08-07-2013

Re: Clearpass/PAN Wired MAB User-id Issue

Only the best, Alcatel.

Frequent Contributor II
Posts: 129
Registered: ‎08-07-2013

Re: Clearpass/PAN Wired MAB User-id Issue

I have the following configurations on the Alcatel switch

 

aaa radius-server "Clearpass" host x.x.x.x <other stuff> auth-port 1812 acct-port 1813

aaa authentication mac Clearpass

aaa accounting mac Clearpass

 

 

802.1x 1/31 direction both port-control auto quiet-period 60 tx-period 30 supp-timeout 30 server-timeout 30 max-req 2 re-authperiod 3600 no reauthentication
802.1x 1/31 supplicant bypass enable
802.1x 1/31 captive-portal session-limit 12 retry-count 3
802.1x 1/31 captive-portal inactivity-logout disable
802.1x 1/31 supp-polling retry 10
802.1x 1/31 supplicant policy authentication pass group-mobility default-vlan fail block
802.1x 1/31 non-supplicant policy authentication pass group-mobility block fail default-vlan
802.1x 1/31 captive-portal policy authentication pass default-vlan fail block

Frequent Contributor II
Posts: 129
Registered: ‎08-07-2013

Re: Clearpass/PAN Wired MAB User-id Issue

I see data coming in the live monitoring->accounting but not under a tab for the connection in Access Tracker. What I'm also not seeing come across from multiple switch vendors is Framed IP Address. I'm wondering if this is why I'm not seeing the data in PAN.

Search Airheads
Showing results for 
Search instead for 
Did you mean: