Security

Reply
MVP
Posts: 1,110
Registered: ‎10-11-2011

Offloading RAP Whitelist

Is there any documentation on how to configure ClearPass for offloading the RAP whitelist?  I'm pretty sure I've got it figured out, but would like to compare it against any documentation that may be out there.

 

Also, I'm trying to figure out how to assign a unique ap name for each RAP via the offload RAP whitelist method.  My understanding is that the name is pushed via the RADIUS response "aruba-location-id" and the RAP name as the value.  However, would this not require a unique enforcement profile for each RAP if the goal is to assign a unique name to each RAP in the RADIUS response?

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Guru Elite
Posts: 20,762
Registered: ‎03-29-2007

Re: Offloading RAP Whitelist

[ Edited ]

Compnerd,

 

Both of the Radius:Aruba attributes below are the ones that are needed to push the ap-group and the ap-name.  Please note that this enforcement profile points to Activate Attributes that were populated from CPPM synching to Activate.  The %Device Folder and the %Device Name are just attributes added to the endpoint database from the device Sync.  This enforcement profile just points to the Device Folder attribute and the device name attribute to populate the Ap-Group and the AP-Name.  Get it?..

 

activate-attributes.PNG



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 1,110
Registered: ‎10-11-2011

Re: Offloading RAP Whitelist

Yes, makes if you're using activate. If not than I don't see how to push the name without creating multiple profiles.
=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
MVP
Posts: 1,110
Registered: ‎10-11-2011

Re: Offloading RAP Whitelist

Maybe I could accomplish the same thing by adding the Raps to the endpoint database and referencing the attribute like in your example.
=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Guru Elite
Posts: 20,762
Registered: ‎03-29-2007

Re: Offloading RAP Whitelist

thecompnerd,

 

The name of the AP must exist as an attribute in the endpoint database the endpoint reference can be changed to point to whatever attribute you have listed as the access point.  That means you will have to add an attribute to endpoint database that will contain the name and change the radius attribute to point to that.  You can do that with the same enforcement profile.  does that make sense?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Guru Elite
Posts: 20,762
Registered: ‎03-29-2007

Re: Offloading RAP Whitelist


thecompnerd wrote:
Maybe I could accomplish the same thing by adding the Raps to the endpoint database and referencing the attribute like in your example.

DING DING DING!



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 1,110
Registered: ‎10-11-2011

Re: Offloading RAP Whitelist

[ Edited ]

Haha! Thanks for the info.

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Search Airheads
Showing results for 
Search instead for 
Did you mean: