Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Devices import into ClearPass 6.2

This thread has been viewed 11 times

  • 1.  Devices import into ClearPass 6.2

    Posted Oct 08, 2013 03:08 PM

     

    I have about 100 devices I want to mass import into ClearPass for Tacacs and radius authentication.  I did an export of working devices and see it is in XML format.  So I cut it down to one NAD Client and made the name changes and added the radius and tacas server keys as shown below (fake keys and IPs btw).  When I try to import this I get error "

     

    File contains invalid XML tags. Try export to see the valid XML tags. 
     

     

    I know this has to be because of the key I am using as if I change it to a simple key it works BUT if I enter a device one at a time it takes the key and authenticates me fine.  So is there a way for the import to work with my key?  When I do an export it does not show the keys so I do not have an export example that works.  If I try to import the export is gives errors that I "have" to set snmp strings etc....

     

     

    Here is what I want to import and get the error above:

     

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <TipsContents xmlns="http://www.avendasys.com/tipsapiDefs/1.0">
      <TipsHeader exportTime="Tue Oct 08 14:47:52 EDT 2013" version="6.2"/>
      <NadClients>
        <NadClient description="" name="Houston-Test" coaPort="3799" coaCapable="false" vendorName="Aruba" tacacsSecret="qaE$1Ux7&XQ#9hrdYeq=94" radiusSecret="qaE$1Ux7&XQ#9hrdYeq=94" ipAddress="192.168.1.54"/>
        </NadClients>
    </TipsContents>



  • 2.  RE: Devices import into ClearPass 6.2
    Best Answer

    EMPLOYEE
    Posted Oct 08, 2013 05:09 PM
    If you export with the password on the export it will include the password

    What does your formatting look like with two devices? You might be putting a close tag in the wrong spot


  • 3.  RE: Devices import into ClearPass 6.2
    Best Answer

    Posted Oct 09, 2013 12:58 PM

    I think the issue here has to do with the characters in your shared secret ...

     

    Specifically, you need to use the appropriate XML escape sequences to pass characters that XML recognizes as "special".

     

    This includes & which should be written as &amp; - note the semicolon at the end is required!

     

    Try this instead:

     

    <NadClient description="" name="Houston-Test" coaPort="3799" coaCapable="false" vendorName="Aruba" tacacsSecret="qaE$1Ux7&amp;XQ#9hrdYeq=94" radiusSecret="qaE$1Ux7&amp;XQ#9hrdYeq=94" ipAddress="192.168.1.54"/>

     



  • 4.  RE: Devices import into ClearPass 6.2

    Posted Oct 10, 2013 03:57 PM

    Thanks guys you were both right.  Export with a password showed the correct format that was needed and the special charector did mess it up.  All good now thanks again.