Security

Reply
Regular Contributor I
Posts: 178
Registered: ‎10-20-2010

Devices import into ClearPass 6.2

 

I have about 100 devices I want to mass import into ClearPass for Tacacs and radius authentication.  I did an export of working devices and see it is in XML format.  So I cut it down to one NAD Client and made the name changes and added the radius and tacas server keys as shown below (fake keys and IPs btw).  When I try to import this I get error "

 

File contains invalid XML tags. Try export to see the valid XML tags. 
 

 

I know this has to be because of the key I am using as if I change it to a simple key it works BUT if I enter a device one at a time it takes the key and authenticates me fine.  So is there a way for the import to work with my key?  When I do an export it does not show the keys so I do not have an export example that works.  If I try to import the export is gives errors that I "have" to set snmp strings etc....

 

 

Here is what I want to import and get the error above:

 

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TipsContents xmlns="http://www.avendasys.com/tipsapiDefs/1.0">
  <TipsHeader exportTime="Tue Oct 08 14:47:52 EDT 2013" version="6.2"/>
  <NadClients>
    <NadClient description="" name="Houston-Test" coaPort="3799" coaCapable="false" vendorName="Aruba" tacacsSecret="qaE$1Ux7&XQ#9hrdYeq=94" radiusSecret="qaE$1Ux7&XQ#9hrdYeq=94" ipAddress="192.168.1.54"/>
    </NadClients>
</TipsContents>

Aruba
Posts: 1,537
Registered: ‎06-12-2012

Re: Devices import into ClearPass 6.2

If you export with the password on the export it will include the password

What does your formatting look like with two devices? You might be putting a close tag in the wrong spot
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Aruba
Posts: 113
Registered: ‎11-21-2011

Re: Devices import into ClearPass 6.2

I think the issue here has to do with the characters in your shared secret ...

 

Specifically, you need to use the appropriate XML escape sequences to pass characters that XML recognizes as "special".

 

This includes & which should be written as &amp; - note the semicolon at the end is required!

 

Try this instead:

 

<NadClient description="" name="Houston-Test" coaPort="3799" coaCapable="false" vendorName="Aruba" tacacsSecret="qaE$1Ux7&amp;XQ#9hrdYeq=94" radiusSecret="qaE$1Ux7&amp;XQ#9hrdYeq=94" ipAddress="192.168.1.54"/>

 

Regular Contributor I
Posts: 178
Registered: ‎10-20-2010

Re: Devices import into ClearPass 6.2

Thanks guys you were both right.  Export with a password showed the correct format that was needed and the special charector did mess it up.  All good now thanks again.

Search Airheads
Showing results for 
Search instead for 
Did you mean: