Contributor II
Posts: 44
Registered: ‎08-08-2013

HP/Colubris SSID in Clearpass

Hello;

 

I'm having a problem with a mixed network of HP and Aruba access points.  The same SSID is on both (in different buildings) and authenticating to the same clearpass server cluster.

 

On the Aruba side, I get the Radius:Aruba:Aruba-Essid-Name attribute in the request, and I get a computed attribute of Connection:SSID to match.

 

On the HP side, the SSID is in Radius:Colubris:Colubris-AVPair attribute as a key-value pair (ssid=xxx), and there is no Connection:SSID computed attribute.

 

Does anyone know of a way to convince Clearpass to compute the SSID attribute with an HP access point?  Or, can anyone suggest an alternate approach?  My goal is to process the SSID with a single service rule in Clearpass, mainly for statistics purposes.

 

If I took out the nas-port-type and service-type matches in the service rule, I could do this with a "match any" rule, but I'm not sure if that's a good idea.

 

Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: HP/Colubris SSID in Clearpass

Your last sentence is something that could work.  I don't foresee it as causing any other issue especially if the service ordering is correct.  

 

The best bet is having two services as I can also see that a combined enforcement policy mixing Aruba VSAs with another vendor may be a bit complex. 

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Contributor II
Posts: 44
Registered: ‎08-08-2013

Re: HP/Colubris SSID in Clearpass

I thought about that, but I do this now to set the admin role for my Palo Alto and Aruba devices within a single enforcement policy and it seems to work fine.
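
Added example, not part of the thread and not a ClearPass feature: if the goal is only per-SSID statistics, the two vendor formats described above (Aruba-Essid-Name versus an `ssid=xxx` pair inside Colubris-AVPair) can be normalised outside ClearPass, for instance over exported request attributes. The dict layout, the function names and all sample values are assumptions made for illustration.

```python
from collections import Counter

ARUBA_SSID = "Aruba-Essid-Name"      # attribute name as given in the thread
COLUBRIS_AVPAIR = "Colubris-AVPair"  # attribute name as given in the thread


def extract_ssid(attrs):
    """Return the SSID carried by one request, or None if neither form is present.

    attrs (hypothetical layout) maps attribute name -> str or list of str,
    because a vendor-specific attribute may appear more than once per request.
    """
    aruba = attrs.get(ARUBA_SSID)
    if isinstance(aruba, list):
        aruba = aruba[0] if aruba else None
    if aruba and aruba.strip():
        return aruba.strip()

    pairs = attrs.get(COLUBRIS_AVPAIR, [])
    if isinstance(pairs, str):
        pairs = [pairs]
    for pair in pairs:
        # Split on the first '=' only: an SSID may itself contain '='.
        key, sep, value = pair.partition("=")
        if sep and key.strip().lower() == "ssid" and value.strip():
            return value.strip()
    return None


def ssid_counts(requests):
    """Count requests per SSID; requests without one go under '<unknown>'."""
    counts = Counter()
    for attrs in requests:
        counts[extract_ssid(attrs) or "<unknown>"] += 1
    return counts


# Constructed sample requests (not taken from any real deployment).
SAMPLE_REQUESTS = [
    {"NAS-Port-Type": "Wireless-802.11", "Aruba-Essid-Name": "corp"},
    {"NAS-Port-Type": "Wireless-802.11",
     "Colubris-AVPair": ["example-key=1", "ssid=corp"]},
    {"Colubris-AVPair": "ssid=guest=lobby"},
    {"NAS-Port-Type": "Ethernet"},
]

if __name__ == "__main__":
    for ssid, n in ssid_counts(SAMPLE_REQUESTS).items():
        print(ssid, n)
```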
