Security

Reply
Frequent Contributor I
Posts: 62
Registered: ‎12-02-2014

How to Build Policy Simulation for Service Categorization

I am attampting to use the Policy Simulation to build a Serivce Categorization.  Attached is my simulation, but it doesn't seem to match a valid service I have running. I am attaching the screenshot and policy simulation file.

 

Are there any docs or examples of how to build a simulation and test it against a service?

Guru Elite
Posts: 8,167
Registered: ‎09-08-2010

Re: How to Build Policy Simulation for Service Categorization

Can you confirm that some of those attributes are present as service rules in an active service?


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Frequent Contributor I
Posts: 62
Registered: ‎12-02-2014

Re: How to Build Policy Simulation for Service Categorization

Here is the attached simulation file.

Frequent Contributor I
Posts: 62
Registered: ‎12-02-2014

Re: How to Build Policy Simulation for Service Categorization

Tim,

 

I am learning ClearPass, so be gentle as I am likely missing something obvious.  Total NOOB here. I took a working Wired 802.1x service and looked in Access Tracker to see a valid request that came in and tried to replicate those Radius reqeust attributes in the policy simulation.  Is that a valid way to go about building a simulation?  Attached is the Wired service I built the policy from.

 

 

Guru Elite
Posts: 8,167
Registered: ‎09-08-2010

Re: How to Build Policy Simulation for Service Categorization

Hm. The service rules look correct.

 

Are you working with an Aruba partner? It looks like this is a proof of concept build.


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Frequent Contributor I
Posts: 62
Registered: ‎12-02-2014

Re: How to Build Policy Simulation for Service Categorization

I am working with Aruba directly as we are testing the product and trying to get familiar with its capabilities.  The Policy Simulation was intriguing if I can get it working.

Guru Elite
Posts: 8,167
Registered: ‎09-08-2010

Re: How to Build Policy Simulation for Service Categorization

Can you try creating a simulation with just the basics:

 

NAS Type: Generic

Authentication outer method PEAP

Username

Password

IETF NAS-Port-Type 15


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Frequent Contributor I
Posts: 62
Registered: ‎12-02-2014

Re: How to Build Policy Simulation for Service Categorization

Thanks for your help Tim.  Not sure I am doing this right.  I have attached the simulation I built for your review. 

 

Couple of Questions if I may:

 

1.  Does the order of attributes in the RADIUS request matter?

2.  Where is NAS Type Generic?  I didn't see where to select that attribute?

Aruba
Posts: 1,537
Registered: ‎06-12-2012

Re: How to Build Policy Simulation for Service Categorization

You must add a connection Type in the test.

 

Mark,

 

I updated my lab on your test. You can see the results there. I aslo trigger my services based on NAS IP so you also need to add the IP of the switch. 

 

Screen Shot 2014-12-17 at 11.47.37 PM.png

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Frequent Contributor I
Posts: 62
Registered: ‎12-02-2014

Re: How to Build Policy Simulation for Service Categorization

Thanks Troy.  That was the missing piece.

Search Airheads
Showing results for 
Search instead for 
Did you mean: