Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Location Based Services in Controller and AAA

  • 1.  Location Based Services in Controller and AAA

    Posted Jun 06, 2015 12:08 PM

    I have a single SSID on my network and I want to offer LBS. How can I configure the LBS services based on AAA? I think that ap-group is the best option, but the point is how my AAA will read the ap-group attribute in order to decide which service should be allowed based on the ap-group. I need to know which AAA attribute will help to learn the ap-group in a RADIUS request.

    Which AAA attribute should I use to get the ap-group information from the controller in an AAA request?



  • 2.  RE: Location Based Services in Controller and AAA

    EMPLOYEE
    Posted Jun 06, 2015 12:13 PM
    The AP group and AP name are both sent in the radius request. Which RADIUS server are you using?


    Thanks,
    Tim


  • 3.  RE: Location Based Services in Controller and AAA

    Posted Jun 06, 2015 12:17 PM

    Thanks for your kind reply.

    As of now, just consider any AAA as a standard AAA server which can authenticate any RADIUS request.

    I agree we are sending both, but I need to hit the policy based on ap-group. Which AAA attribute should I consider?



  • 4.  RE: Location Based Services in Controller and AAA

    EMPLOYEE
    Posted Jun 06, 2015 12:35 PM
    We would need to know what kind of radius server you are using in order to help.


    Thanks,
    Tim


  • 5.  RE: Location Based Services in Controller and AAA

    Posted Jun 07, 2015 01:28 AM

    It is Accuries AAA



  • 6.  RE: Location Based Services in Controller and AAA

    EMPLOYEE
    Posted Jun 07, 2015 07:49 AM

    Ali Haider,

     

    The RADIUS attribute you are looking for is the Aruba-AP-Group attribute. The value is attribute number 10 and Aruba is vendor ID 14823. Aruba sends the AP-Group as a string value in authentication requests to the RADIUS server. If you can configure your RADIUS server to identify that value, you might be able to accomplish what you want:


    (Aruba7640-US) #show aaa radius-attributes | include Aruba
    Aruba-Auth-SurvMethod             39     Integer      Aruba      14823
    Aruba-Mdps-Max-Devices            18     Integer      Aruba      14823
    Aruba-CPPM-Role                   23     String       Aruba      14823
    Aruba-Mdps-Device-Version         21     String       Aruba      14823
    Aruba-AirGroup-Shared-User        25     String       Aruba      14823
    Aruba-Device-Type                 12     String       Aruba      14823
    Aruba-Mdps-Device-Imei            16     String       Aruba      14823
    Aruba-AP-Group                    10     String       Aruba      14823
    Aruba-Named-User-Vlan             9      String       Aruba      14823
    Aruba-Mdps-Device-Serial          22     String       Aruba      14823
    Aruba-Mdps-Device-Name            19     String       Aruba      14823
    Aruba-AS-User-Name                29     String       Aruba      14823
    Aruba-AS-Credential-Hash          30     String       Aruba      14823
    Aruba-Auth-Survivability          28     String       Aruba      14823
    Aruba-Framed-IPv6-Address         11     String       Aruba      14823
    Aruba-Priv-Admin-User             3      Integer      Aruba      14823
    Aruba-AirGroup-Version            38     Integer      Aruba      14823
    Aruba-WorkSpace-App-Name          31     String       Aruba      14823
    Aruba-Template-User               8      String       Aruba      14823
    Aruba-Location-Id                 6      String       Aruba      14823
    Aruba-Mdps-Device-Profile         33     String       Aruba      14823
    Aruba-AirGroup-Shared-Group       35     String       Aruba      14823
    Aruba-AirGroup-User-Name          24     String       Aruba      14823
    Aruba-Network-SSO-Token           37     String       Aruba      14823
    Aruba-AirGroup-Shared-Role        26     String       Aruba      14823
    Aruba-Mdps-Device-Iccid           17     String       Aruba      14823
    Aruba-Port-Id                     7      String       Aruba      14823
    Aruba-No-DHCP-Fingerprint         14     Integer      Aruba      14823
    Aruba-Mdps-Provisioning-Settings  32     String       Aruba      14823
    Aruba-Mdps-Device-Product         20     String       Aruba      14823
    Aruba-User-Vlan                   2      Integer      Aruba      14823
    Aruba-AirGroup-Device-Type        27     Integer      Aruba      14823
    Aruba-User-Group                  36     String       Aruba      14823
    Aruba-AP-IP-Address               34     IP Addr      Aruba      14823
    Aruba-Mdps-Device-Udid            15     String       Aruba      14823
    Aruba-Admin-Role                  4      String       Aruba      14823
    Aruba-User-Role                   1      String       Aruba      14823
    Aruba-Essid-Name                  5      String       Aruba      14823
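
How a RADIUS server locates Aruba-AP-Group in an Access-Request, as an added example that is not part of the original thread: the value travels inside a Vendor-Specific attribute (RADIUS type 26) carrying vendor ID 14823 and vendor type 10. The packet, the user name and the group name `lobby-aps` are constructed sample values, and the function names are hypothetical.

```python
import struct

ARUBA_VENDOR_ID = 14823   # vendor ID given in the post
ARUBA_AP_GROUP = 10       # Aruba-AP-Group, String
VENDOR_SPECIFIC = 26      # RADIUS Vendor-Specific attribute (RFC 2865)

def iter_attributes(packet):
    """Yield (type, value) for each attribute after the 20-byte header."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        yield a_type, packet[pos + 2:pos + a_len]
        pos += a_len

def aruba_vsas(packet):
    """Return {vendor_type: bytes} for sub-attributes under vendor 14823."""
    found = {}
    for a_type, value in iter_attributes(packet):
        if a_type != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != ARUBA_VENDOR_ID:
            continue
        sub = value[4:]
        while len(sub) >= 2 and 2 <= sub[1] <= len(sub):
            found[sub[0]] = sub[2:sub[1]]
            sub = sub[sub[1]:]
    return found

def ap_group(packet):
    raw = aruba_vsas(packet).get(ARUBA_AP_GROUP)
    return None if raw is None else raw.decode("utf-8", "replace")

def vsa(vendor_type, text):
    """Encode one Aruba string VSA (used only to build the sample)."""
    body = struct.pack("!IBB", ARUBA_VENDOR_ID, vendor_type, len(text) + 2) + text
    return bytes([VENDOR_SPECIFIC, len(body) + 2]) + body

# Constructed sample Access-Request: User-Name plus two Aruba VSAs.
_attrs = b"\x01\x05bob" + vsa(5, b"corp") + vsa(10, b"lobby-aps")
SAMPLE = struct.pack("!BBH", 1, 7, 20 + len(_attrs)) + bytes(16) + _attrs
```

A policy keyed on the returned string should treat a missing attribute (`None`) as its own case rather than falling through to a default location.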