Security

Reply
Highlighted
Occasional Contributor II

Radius request from Aruba and Cisco to CPPM

Hello,  I have an 802.1x TLS secured network with clients coming from both Aruba and Cisco campus AP's.  In CPPM, I have the following service:

 

With the below service, all have to match in order to use it, but because clients are authenticating from both Cisco and Aruba, the only way it works is to turn off service rule 3.   Is there a field that gets passed from both Cisco and Aruba that can be used to identify the SSID or something else to define the service a bit more than leaving it without the third ruleset.1.PNG

Guru Elite

Re: Radius request from Aruba and Cisco to CPPM

I'm not really understanding what you're trying to do.

 

You should have 1 service for Aruba and 1 service for Cisco. Aruba will send the SSID using an Aruba VSA as Aruba-Essid-Name (as you have defined already). Cisco will send the SSID number using an Airespace VSA as the Airespace-Wlan-Id.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Radius request from Aruba and Cisco to CPPM

Ah, okay.  I was trying to collapse it into one service.  Do I have to enable specific vendor attributes to see Airespace or is that enabled by default.

 

thanks.

Guru Elite

Re: Radius request from Aruba and Cisco to CPPM

You should always use separate services for different vendors as the responses will be very different. You can reuse the role map for both services though which should make things much easier.

 

The Airespace dictionary is disabled by default. You can enable it under Administration > Dictionaries > RADIUS


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: