Security

Is there a way to pass Aruba-Device-Type from a controller to CPPM?  i.e. Controller indicates device type is Chromebook and passes that information to CPPM so it can make a decision.  We're trying to ID chromebooks dynamically with MAC authentication (MAC in CPPM endpoint database).  Is this possible?

Yes, it is automatically included in the RADIUS request. You can reference it in the role map or enforcement using RADIUS:Aruba:Aruba-Device-Type

OK then that is the part that is broken I think.   We do not see it in the input tab since the AOS upgrade.  That is how it was set up before the AOS upgrade and it worked.  Since AOS upgrade, it is no joy...

What code? I see it in 6.4.2.2

Opps, sorry.

AOS 6.3.1.13

CPPM 6.3.4.xxxx

We just upgrade the AOS code.  We're hoping to upgrade CPPM version in a couple of weeks as we didn't want to change AOS & CPPM at the same time for troubleshooting reasons (if there was a problem).

Are you seeing the device type in the user table?

Yes, I am seeing it there.  It is also (as expected) showing up in the WebUI as well.

TAC just called and they are going to check on versioning information in regards to this situation.  I swear it was working before the AOS upgrade but I'm old & forget things sometimes.

One other thing that you could possibly do is configure IF-MAP between the Aruba Controller and ClearPass, so that it passes that information from http user agent strings and mdns queries to clearpass from the device-type table of the controller:  http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/Management_Utilities/CPPM-ifmap.htm

I did a packet capture and radius is returning the fingerprint of the OS correctly to CPPM.  CPPM is not dealing with it properly for some reason.