Search the Community
- ClearPass Recipe Review
- ClearPass Recipe Submission
- Admin Tool - Assign Role in Bulk
- Admin Tool - User Search
- CWNP Conf 2015
- Airheads Conference Vegas 2015
- Wlan Pro Conference 2015
- Airheads Conference Shanghai 2014
- WLAN Pro Conf EU 2014
- CWNP Conference 2014 (Sep 22 - 24)
- Airheads Local 2014
- Wireless Field Day 7 (Aug 6-8, 2014)
- Black Hat 2014 Contest
- Airheads EMEA Italy 2014 (June 9 - 13)
- Americas Airheads Conference 2014
- WLAN Professionals Summit 2014
- Airheads Roadshow 2013
- EMEA Airheads Conference 2013
- APJ Airheads Conference 2013
- Americas Airheads Conference 2013
- Americas Airheads Conference 2012
- APJ Airheads Conference 2012
- EMEA Airheads Conference 2012
- Airheads EMEA 2012 Contest: How to Enter - Contest Terms & Conditions
- Airheads EMEA 2012 Contest: Create your Entry to Win Here!
- Airheads Conferences Prior to 2012
- Americas Airheads Local Events 2012
- EMEA Airheads Local Events 2012
- Wireless Field Day 3 @ Aruba Networks
- Wireless Tech Field Day 2- Silicon Valley
- Wi-Fi Mobility Symposium- San Jose, CA USA
- SDN Apps
- Connector Translation Testing area
I had this issue resolved back in October of 2017 but for whatever reason I am running into this situation again. I have a WLAN (CDT-Green) that is supposed to redirect user web traffic to a custom captive portal page where they have to hit the "accept" button to get to the internet. I can connect to the WLAN just fine using the password, but when I open a web browser, the WLC (3200XM) is not redirecting the traffic to the captive portal page. The configs are as follows:
wlan virtual-ap "CDTGreen"
aaa profile "CDTGreen_AAA" (the initial role here is "logon")
access-list session logon-control
access-list session captiveportal
access-list session vpnlogon
access-list session v6-logon-control
access-list session captiveportal6
logon 2 Up: No Limit,Dn: No Limit logon-control/,captiveportal/,vpnlogon/,v6-logon-control/,captiveportal6/
aaa authentication captive-portal "default"
login-page "/upload/custom/default/Captive Portal3.htm"
any help you can provide would be fantastic! Thanks!
I want to try the centralized image upgrade feature. I have (hopefully) a simple question - it doesn't look like you can specify which partition the new image will be saved to on the locals when they download it from the image server, is there a way of specifying this? Or how is it chosen? Does it use th current boot partition?
Please search the support knowledgebase for your questions. The second link should have your answer:
Hello, wondering if it's possible to export the entire access tracker log to a file.
What exactly do you mean by entire Access Tracker log? You can export a single authenticati...
What exactly do you mean by entire Access Tracker log?
You can export a single authentication/authorization record from the Access Tracker and cannot export many or all the records together.
Syslog export would help, if you want to export all the access tracker records to an external system.
First off, I am new to using CPPM as a TACACS server but have been using it for RADIUS for a little while.
I am trying to use Authorization Attributes from active directory to map roles and then use those tips roles to enforce different profiles. I am already doing this on the RADIUS side to push down wireless roles to controllers. Now I'm trying my hand at TACACS
I have read a handful blog posts, watched videos, and used ASE templates but for some reason Authorization Attributes never shows up in the Request tab in the log. If reference AD Authorization Attributes in the Enforcement Policy magically it shows in the log, but still has no effect on the Role Mapping.
I have looked through my AD server in Authentication Sources and I have "Used for Authorization" checked (all this is working for RADIUS)
I'm at a loss and thought I would start here before TAC
They won't show up in Access Tracker if you're not addressing/using them in some way. So define a R...
They won't show up in Access Tracker if you're not addressing/using them in some way. So define a Role Mapping to your Service where you pick up on type "Authorization:MYAD:memberof", do a TACACS auth from your device and you should see all the available attributes in your Access Tracker entry.
Does anyones knows if Aruba is planning to develop DHCP Server feature on the 2530 switches?
This is a really good price-features switch and this feaute could help me to push more business in the SMB market in Central America.
The 2530 is layer 2 only switch, so I don't think DHCP server will be added to this line of switche...
The 2530 is layer 2 only switch, so I don't think DHCP server will be added to this line of switches. The 2540 is layer 3 lite which supports DHCP server. In order to verify future information, it's probably best to contact your Aruba representative.
I am trying to teach myself to use the Central API and i am having trouble getting off the ground. I can't even figure out how to obtain an auth code form the API using my client_id. I obviously missing something, and admitedly don't have any experience in this. Every time i try to use the API it comes back saing "The access token is missing", but i'm trying to obtain an access token. I can't possible need an access token to get an access token. Does anyone have some resources to help het me on my feet with the API?
1. I hope API GW is enabled for your account. 2. Learn the swagger tool by following the doc attac...
1. I hope API GW is enabled for your account.
2. Learn the swagger tool by following the doc attached.
3. Now you can authenticate using an external app as well using the attached script.
4. You have to refresh the token, every two hours. script attached.
5. Attaching a sample python script that helps to list create delete groups in central using API calls.
Remember you are on a production account & not internal.
Also consult this:
Hope this helps.
I wanna prepare Clearpass for Active Directory Authentification. I am following the latest ClearPass_Deployment_Guide.pdf (see attached) and using ClearPass Policy Manager 18.104.22.168729 on C1000V (Trial Version) platform. AD is running on W Server 2008 R2 Standard.
I was able to join the Domain but with an Error "WARNING - Failed to fetch Domain Info for = SD)". But the Computer "CLEARPASS" is created in the AD.
Now to the problem: When I try to authenticate a user using the console "ad auth" it fails with the error "NT_STATUS_IO_TIMEOUT".
I would be very grateful if somebody can help me :)
I am testing with Airwave and added a new group with IAP cluster in the newly created group initially by monitoring only. All the time when I go to group settings Templates I see it blank like here, there is just nothing. I know how it should look from another group I have but it's not just blank.
Initially I was thinking it is because all my devices are in monitoring mode, then I was doing some changes on the IAP controller directly and enabled read/write for all devices in the group. As a result the audit told me I have deviation in the config (because I was doing some changes directly on the IAP before enabling RW mode and disable local IAP UI control). Airwave managed to fix the deviation by applying the prevoius config.
So the question here is why I do not see anything in the template section while if I go directly on the controller I see that there is alreary some template, but I do not see nothing in Templates section. The template is created automatically I guess during the initial import of the device as the fw version is older:
OK, I found why is that after creating and moving all devices to a new group where templates work. ...
OK, I found why is that after creating and moving all devices to a new group where templates work. The previous group was having the option selected to show settings for all devices in "Basic", not only select on these which are on the AMP or group.
And that's why I was seeing some options for Cisco. Now I selected only Aruba and templates are back even in that group. It's good that Airwave shows some warning like "Templates are not available in a group with multiple vendor devices" and not wondering why nothing is shown.
Thanks for the help!
I need to convert and preconfigure a lot of IAPs to campus mode and make them to join to a remote controller. After this they will be installed on many sites, every site will contain 1 router and a couple of APs. Every AP will join to the same controller. The routers are preconfigured, and grant L3 connection between the APs and controller through VPN tunnel.
Now the conversion is very slow through VPN, so I wondering about to make it faster.
To make the preconfiguration more fast I wondering about install a small temporary controller on the configuration site with the same IP address and ArubaOS version as the final, and prepare the APs by that. Is it work, if I prepare the APs by the temporary controller, will the APs join to the final controller with the same IP address after install on sites?
I have no access for routers and central controller, only for APs.
In theory, you could do this. The most time-consuming part is actually doing the conversion.&...
In theory, you could do this. The most time-consuming part is actually doing the conversion. If you made the largest cluster possible, you could convert all of the APs in an Instant cluster at a time, to save time. If where you are staging the cluster is routable to the destination controller, you could just use the production controller to convert the cluster...
I connected IAP-305 first time to configure.
Connected to PoE switch port configured with VLAN 1.
I am able to connect instant ssid but when I try to open instant.arubanetworks.com it is not coming up.
When I Ping to instant.arubanetworks.com it is replying with bogus IP.
But Wireless NIC is getting ip which I attached in this query.
Please help what I am doing wrong.