08-28-2014 04:52 AM
I'm having a problem with a mixed network of HP and Aruba access points. The same SSID is on both (in different buildings) and authenticating to the same clearpass server cluster.
On the Aruba side, I get the Radius:Aruba:Aruba-Essid-Name attribute in the request, and I get a computer attribute of Connection:SSID to match.
On the HP side, the SSID is in Radius:Colubris:Colubris-AVPair attribute as a key-value pair (ssid=xxx), and there is no Connection:SSID computed attribute.
Does anyone know of a way to convince Clearpass to compute the SSID attribute with an HP access point? Or, can anyone suggest an alternate approach? My goal is to process the SSID with a single service rule in Clearpass, mainly for statisitics purposes.
If I took out the nas-port-type and service-type matches in the service rule, I could do with with a "match any" rule, but I'm not sure if that's a good idea.
08-28-2014 05:24 AM
Your last sentence is something that could work. I don't foresee it as causing any other issue especially if the service ordering is correct.
The best bet is having two services as I can also see that a combined enforcement policy mixing Aruba VSAs with another vendor may be a bit complex.
Consulting Systems Engineer - ACCX, ACDX, ACMX
If you found my post helpful, please give kudos