Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

I need help in configuring Aruba Clearpass as the authentication Source for HP Procurve

  • 1.  I need help in configuring Aruba Clearpass as the authentication Source for HP Procurve

    Posted Jun 18, 2014 04:10 AM

    I need help in configuring Aruba ClearPass as the authentication source for HP ProCurve.

    I have set up the RADIUS server information on the ProCurve switch, and the ProCurve asks ClearPass for authentication.

    My service in ClearPass authenticates the AD user and the tracker says authenticated. But I am not able to log in to the ProCurve switch.

    I have defined an enforcement profile with HP-Privelege-Level=6

    Does anyone know how to set this up correctly? I want to centralize the management login for our switches.

    It seems to me that ClearPass does not send the correct data back to the ProCurve.

    I would really appreciate it if someone can help.

    Also, does someone know how to configure this on an HP5900 switch, which is from H3C?



  • 2.  RE: I need help in configuring Aruba Clearpass as the authentication Source for HP Procurve

    Posted Aug 27, 2014 12:12 PM

    Has anyone already done this integration? Thanks in advance.



  • 3.  RE: I need help in configuring Aruba Clearpass as the authentication Source for HP Procurve

    Posted Sep 10, 2014 04:34 PM

    I just implemented this for a 5412 running 15.x code with CPPM 6.4.

    I have manager and operator enforcement policies mapping from TIPS role to individual AD group memberships.

    I won't go through every step in this post (maybe later), but here are some of the hurdles I overcame due to conflicting HP manuals and general CPPM newbness:

    On the service, make sure authorization is checked and configured for the source.

    For the enforcement profile, the attributes for manager (enable) and operator (read only) access should be:

    Radius:IETFService-Type=Administrative-User (6)
    Radius:IETFService-Type=NAS-Prompt-User (7)

    If you are authing against Active Directory using a memberOf attribute, be sure to select "CONTAINS" instead of EQUALS when defining the AD group role mapping.

    On the ProCurve switch, I used peap-radius for primary auth and local for secondary. This equates to [EAP-PEAP] on the ClearPass service authentication method.

    i.e. "aaa authentication telnet enable peap-mschapv2 local"

    Translation: for authenticating to switch mgmt via telnet, highest privilege, use peap/radius for the primary and local user authentication for the secondary method.

    Also, on the ProCurve switch use "aaa authentication login privilege-mode". Check the manual for details, but basically if you don't have this on, it won't log in with manager (enable) level access even if you are returning the attribute from ClearPass.

    I hope this helps. If you have more questions, I'd be glad to help within the forum.

    Best of Luck,

    CmC



  • 4.  RE: I need help in configuring Aruba Clearpass as the authentication Source for HP Procurve

    Posted Sep 12, 2014 05:48 AM

    Hi sir,

    Thanks for your input. Can you send us some steps/procedure for the HP and ClearPass? Sorry, I'm just new to ClearPass. Some documents that I can read to implement this right would help. Thanks.

    //regards