Security

Reply
Super Contributor I
Posts: 303
Registered: ‎02-07-2013

Who do I shout at about a really silly bit of cppm that can cause us loads of issues

<grumble>

o.k. while I'm a great fan of clearpass, there's 1 bit that makes me want to scream and shout because I've been bitten by it a couple of times that really screws up our clearpass service. You could say its my fault but I don't think it should happen anyway.</grumble>

 

When creating services /profiles whatever in clearpass, I put a timestamp in the name so anyone can easily see when something changes. In general this works fine and if I change the  items name, the name change gets reflected down wherever the object is used ..... except ......... in 3 occasions

 

1). if its an authentication data source name that you use in an enforcement policy. The name change changes everywhere else but not there. The net result is that an enforcement policy might not get obeyed.

2). if you change the name of an enforcement profile then that doesn't get reflected in the enforcement policy either.

3). If in your enforcement policy you try and specify an alias generated by  an authentication source e,g assigning a numeric vlan to a tunneled-private-group-id RADIUS attribute, then this doesn't get changed. I can sort of see why this wouldn't but the other 2 certainly should chagne when you change the name.

(see below) So who do I grumble at to try and get this fixed?

 

Rgds

Alex

 

 

%{Authorization:M_and_M data_source - 271015:this_vlanid}

 

 

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: Who do I shout at about a really silly bit of cppm that can cause us loads of issues

The variables will never update since they're static text.

I would open a TAC case and involve your SE on the others.


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Super Contributor I
Posts: 303
Registered: ‎02-07-2013

Re: Who do I shout at about a really silly bit of cppm that can cause us loads of issues

Yup, thought that might be the case for the contents of the enforceent profile. o I'll chase it up through the TAC along with a docuented example

 

Rgds

 

Alex

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: