Security

Reply
New Contributor
Posts: 2
Registered: ‎03-04-2016

VIA users through ClearPass proxy Radius to Radius AD (NPS)

I need to work out how to differentiate RADIUS request coming from the same controller but from different interfaces (SSID clients from APs, VIA users, etc).

 

I thought in this solution: a field in the RADIUS request unique for VIA users in order to identify the origin in Radius AD (NPS). Is it possible to add a field to the VIA users RADIUS request in the controller?

 

What I have seen in the RADIUS request are common parameters to all the request that come frome Wireless Controller:

 

RADIUS Request
Radius:Aruba:Aruba-AP-Group N/A
Radius:Aruba:Aruba-Location-Id N/A
Radius:IETF:Called-Station-Id
Radius:IETF:Calling-Station-Id 1.2.3.4
Radius:IETF:Framed-IP-Address 1.2.3.4
Radius:IETF:NAS-Identifier Wireless-VPN
Radius:IETF:NAS-IP-Address 10.10.10.10
Radius:IETF:NAS-Port 0
Radius:IETF:NAS-Port-Type 19
Radius:IETF:Service-Type 1
Radius:IETF:User-Name

 

Thank you in advance for your help.

Guru Elite
Posts: 21,279
Registered: ‎03-29-2007

Re: VIA users through ClearPass proxy Radius to Radius AD (NPS)

[ Edited ]

The VIA client would use PAP.  Your wireless clients (if they are not captive portal) would use PEAP/MSChapV2.

 

Edit:  I am wrong:  Please use the attached service rules to narrow down your VIA traffic:

via.JPG

 

The highlighted portion is not necessary

 

 

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 4,301
Registered: ‎07-20-2011

Re: VIA users through ClearPass proxy Radius to Radius AD (NPS)

If you don't have APs on the "default" AP-GROUP serving clients you can use that as an attribute in combination with location ID "N/A"

Sent from Outlook for iPhone
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
Showing results for 
Search instead for 
Did you mean: