Security

Reply
New Contributor
Posts: 1
Registered: ‎06-18-2014

I need help in configuring Aruba Clearpass as the authentication Source for HP Procurve

I need help in configuring Aruba Clearpass as the authentication Source for HP Procurve 

 

I have set up the radius server information on the procurve switch and the procurve ask Clearpass for authentication

My service in Clearpass authenticate the AD user and the tracker says authenticated. But i am not able to login to procurve switch.

 

I have defined a enforcement profile with HP-Privelege-Level=6

 

Does anyone know how to set this up correctly? I want to centralize the management login for our switches.

 

It seems to me that clearpass does not send the correct data back to procurve.

 

Really appreciate if someone can help.

 

Also is someone know how to configure this on a HP5900 switch wich is av H3C.

Occasional Contributor II
Posts: 23
Registered: ‎03-07-2014

Re: I need help in configuring Aruba Clearpass as the authentication Source for HP Procurve

does any one had already done this integration thanks in advance.

CmC
Occasional Contributor II
Posts: 11
Registered: ‎08-15-2010

Re: I need help in configuring Aruba Clearpass as the authentication Source for HP Procurve

[ Edited ]

I just implimented this for 5412 running 15.x code with cppm 6.4.

I have manager and operator enforcement policies mapping from TIPS role to individual AD group memberships

 

I won't go through every step in this post (maybe later), but here are some of the hurdles I overcame due to conflicting HP manuals and general CPPM newbness:

 

On service, make sure authorization is checked and configured for source.

 

For the Enforcement profile the attributes for manager (enable) and operator (read only) access should be:

Radius:IETFService-Type=Administrative-User (6)
Radius:IETFService-Type=NAS-Prompt-User (7)

 

If you are authing against Active Directory using a memberOf attribute, be sure to select "CONTAINS" instead of EQUALS when defining AD group role mapping.

 

On procurve switch, I used peap-radius for primary auth and local for secondary. This equates to [EAP-PEAP] on clearpass service authentication method.

ie.  "aaa authentication telnet enable peap-mschapv2 local"

Translation: for authenticating to switch mgmt via telnet, highest privelege, use peap/radius for primary and local user authentication for secondary method.

 

Also, on procurve switch use "aaa authentication login privilege-mode". Check manual for details, but basically if you don't have this on, it won't log in with manager (enable) level access even if you are returning the attribute from clearpass.

 

I hope this helps. If you have more questions, I'd be glad to help within forum.

Best of Luck,

CmC

 

 

 

 

 

Occasional Contributor II
Posts: 23
Registered: ‎03-07-2014

Re: I need help in configuring Aruba Clearpass as the authentication Source for HP Procurve

hi sir

 

thanks for your input, can you send us some step/procedure for the HP and clearpass , sorry im just new in clearpass,some documents that i can read to implement this right, thanks

 

//regards

Search Airheads
Showing results for 
Search instead for 
Did you mean: