
Packetshaper admin access using radius with Clearpass Policy Manager- Jan15-MHC

PACKETSHAPER ADMIN ACCESS USING RADIUS WITH CLEARPASS

 

In this article I'll try to explain how we can do RADIUS authentication for administrator access on a Blue Coat PacketShaper with ClearPass Policy Manager.

BLUECOAT PACKETSHAPER WITH CLEARPASS

 

Here I assume that you have a PacketShaper up & running. The first thing you should know to perform this operation is PacketShaper's administrative modes.

In PacketShaper there are two modes:

  1. Touch [for read & write]
  2. Look [for read only]

# For details: https://bto.bluecoat.com/webguides/packetguide/11.1/nav/tasks/configure/setup-security.htm

So here we'll do touch login. For that we need a special attribute called "access=touch". It should come from CPPM; only through this attribute can PacketShaper understand, 'Oh! This is my administrator, so give him read & write access.'

  1. Configuring CPPM
  • Log in to the CPPM & go to Administration » Dictionaries » RADIUS.

There you will get all the predefined vendors and VSAs [if you want, you can import your own also]. Now go to the Packeteer vendor name and enable it [by default it's disabled].

  • Open Configuration » Network » Devices

And add that PacketShaper. Remember, here you have to give the vendor name [Packetshaper].

If you want, you can create a device group for this PS [best practice].

  • Go to Configuration » Enforcement » Profiles »

Add an enforcement profile, & in the attribute tab choose 'Radius: Packeteer' & value 'access=touch'

[you have to enter this manually; remember, this is case sensitive]

  • Switch to Configuration » Enforcement » Policies »

Choose 'default role', create one Tips role with a value [enter it manually & remember it, because we have to create the same 'Roles' for the local user; this is case sensitive], and assign the enforcement policy.

  • Now open Configuration » Identity » Roles

Assign the same name as assigned in the enforcement policy. In my case both are

< packetshaper_admin_access >

  • Role mapping is not required, but you can configure it if you want.
  • Go to Configuration » Identity » Local Users

Create one user and assign that role, which we configured in Roles. [This is the most important step, because from here CPPM will start to retrieve the vendor-specific attribute and vendor ID. Retrieval will be like this: user > Roles > Enforcement policy > Enforcement Profile > access=touch, & vendor ID, etc.]

  • Create one service [Configuration » Services],

Here I'll use the Internal DB as an authentication source; if you want, you can use AD as the authentication source.

  • In Enforcement add the appropriate enforcement profile.

  2. Configuring PacketShaper:
  • Log in to the PS as touch [read & write], & go to setup > Radius client

In the authentication host tab, put the IP address of the CPPM and turn on the authentication. That's all.

ALL IS DONE, IT'S TIME TO CHECK OUTPUT

  • In CPPM Access Tracker.
  • In ClearPass policy simulation.
  • In Blue Coat PacketShaper.

#If you found my post helpful, give me Kudos

 

SumaN
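
An added example, not part of the original post or of any vendor tooling: a small Python check for the reply the post configures. It parses a RADIUS Access-Accept, pulls the vendor-specific attribute strings, and reports whether `access=touch` is present exactly or only with different casing, which the post warns about. The vendor ID and sub-attribute type used here are placeholders (take the real ones from the CPPM Packeteer dictionary), and the sample packet is constructed.

```python
import struct

ACCESS_ACCEPT = 2        # RADIUS code for Access-Accept (RFC 2865)
VENDOR_SPECIFIC = 26     # RADIUS attribute type that carries VSAs
PLACEHOLDER_VENDOR_ID = 99999  # constructed; use the ID from CPPM's Packeteer dictionary

def vendor_strings(packet, vendor_id):
    """Return the string value of every sub-attribute in VSAs for vendor_id."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length != len(packet):
        raise ValueError("not a well-formed Access-Accept")
    values, pos = [], 20                 # attributes follow the 20-byte header
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        a_type, a_len = packet[pos], packet[pos + 1]
        body = packet[pos + 2:pos + a_len]
        if (a_type == VENDOR_SPECIFIC and len(body) >= 4
                and struct.unpack("!I", body[:4])[0] == vendor_id):
            sub = body[4:]               # vendor sub-attributes: type, length, value
            while len(sub) >= 2 and 2 <= sub[1] <= len(sub):
                values.append(sub[2:sub[1]].decode("ascii", "replace"))
                sub = sub[sub[1]:]
        pos += a_len
    return values

def touch_status(packet, vendor_id):
    """'touch' for an exact access=touch, 'miscased' for a case mismatch, else None."""
    status = None
    for value in vendor_strings(packet, vendor_id):
        if value == "access=touch":
            return "touch"
        if value.lower() == "access=touch":
            status = "miscased"
    return status

def build_accept(vendor_id, value, sub_type=1):
    """Constructed sample Access-Accept: zeroed authenticator, one VSA, assumed sub-type 1."""
    sub = bytes([sub_type, 2 + len(value)]) + value.encode("ascii")
    vsa = bytes([VENDOR_SPECIFIC, 6 + len(sub)]) + struct.pack("!I", vendor_id) + sub
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(vsa)) + bytes(16) + vsa

if __name__ == "__main__":
    for v in ("access=touch", "Access=Touch"):
        print(v, "->", touch_status(build_accept(PLACEHOLDER_VENDOR_ID, v), PLACEHOLDER_VENDOR_ID))
```

Running the same check over replies for accounts that should not hold the admin role is a quick way to confirm that only the intended users receive the touch attribute.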

 

Frequent Contributor II

Re: Packetshaper admin access using radius with Clearpass Policy Manager- Jan15-MHC

Great Article.

 

I am gonna do it.

 

Rana

rana
Frequent Contributor II

Re: Packetshaper admin access using radius with Clearpass Policy Manager- Jan15-MHC

I checked.

 

This is working fine.

 

Rana

rana