
SuperMicro Server Radius Login against CPPM

By esupport posted Jan 24, 2023 09:12 AM

  
Requirement:

 

SuperMicro Server Radius Login against CPPM 



Solution:

 

To get the login working with CPPM, import the attached RADIUS dictionary into CPPM and enable it.

  • Policy Manager » Administration » Dictionaries » RADIUS » click Import and import the attached RADIUS dictionary XML file » enable the imported RADIUS dictionary


Short summary of the permissions that can be returned:

 

  • Value = H=1, I=1 = Callback - No Access

    This may be considered the lowest privilege level. Only commands necessary to support initiating a Callback are allowed.

  • Value = H=2, I=2 = User

    Only 'benign' commands are allowed. These are primarily commands that read data structures and retrieve status. Commands that can be used to alter BMC configuration, write data to the BMC or other management controllers or perform system actions such as resets, power on/off, and watchdog activation are disallowed.

  • Value = H=3, I=3 = Operator

    All BMC commands are allowed, except for configuration commands that can change the behavior of the out-of-band interfaces. For example, Operator privilege does not allow the capability to disable individual channels, or change user access privileges.

  • Value = H=4, I=4 = Administrator

    All BMC commands are allowed, including configuration commands. An Administrator can even execute configuration commands that would disable the channel that the Administrator is communicating over.



Configuration:

 

1) Import the attached RADIUS dictionary for the SuperMicro server into the CPPM Policy Manager (Administration » Dictionaries » RADIUS) and enable the imported dictionary.


2) Enable "Radius" on the SuperMicro server and add the CPPM IP address and the shared secret. Also add the SuperMicro server's IP address in the ClearPass server (Network » Devices) with the same shared secret that was entered for the CPPM IP address on the SuperMicro server.

 

 

3) Create an enforcement profile of type Generic RADIUS that uses the added RADIUS dictionary and returns the required permission.

(The permission can vary based on the level of access the user should be allowed. In this example we allow H=4, I=4, i.e. Administrator-level permission.)

H=1, I=1 = Callback - No Access

H=2, I=2 = User

H=3, I=3 = Operator

H=4, I=4 = Administrator

 


4) Map the enforcement Profile in the Service Enforcement Policy
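
As an added example (not part of the original article and not ClearPass code): a small Python check that parses the H=n, I=n values from step 3 and flags any enforcement profile that returns a higher level than intended for its role. The profile names and intended ceilings are hypothetical, and treating a mismatched H and I as an error is an assumption based on the pairs listed above.

```python
import re

# Privilege levels exactly as listed in the article's summary.
LEVELS = {1: "Callback - No Access", 2: "User", 3: "Operator", 4: "Administrator"}
# The "H=<n>, I=<n>" form shown in the article; optional whitespace tolerated.
VALUE_RE = re.compile(r"^\s*H\s*=\s*(\d+)\s*,\s*I\s*=\s*(\d+)\s*$")


def parse_permission(value):
    """Return (level, name) for a returned value, or raise ValueError."""
    m = VALUE_RE.match(value)
    if not m:
        raise ValueError(f"not in 'H=n, I=n' form: {value!r}")
    h, i = int(m.group(1)), int(m.group(2))
    # Assumption: the article only lists pairs where H equals I, so a
    # mismatch is reported as a configuration mistake.
    if h != i:
        raise ValueError(f"H and I differ: {value!r}")
    if h not in LEVELS:
        raise ValueError(f"level {h} is outside 1-4: {value!r}")
    return h, LEVELS[h]


def audit_profiles(profiles):
    """Map {profile: (value, intended_max_level)} to a list of (profile, problem)."""
    findings = []
    for name, (value, ceiling) in profiles.items():
        try:
            level, label = parse_permission(value)
        except ValueError as exc:
            findings.append((name, str(exc)))
            continue
        if level > ceiling:
            findings.append((name, f"grants {label}, above intended {LEVELS[ceiling]}"))
    return findings


# Constructed sample data: profile names and ceilings are hypothetical.
SAMPLE = {
    "BMC-Admins": ("H=4, I=4", 4),
    "BMC-Helpdesk": ("H=4, I=4", 2),  # admin value copied into a read-only role
    "BMC-Operators": ("H=3,I=3", 3),
    "BMC-Readonly": ("H=2, I=3", 2),  # mismatched pair
}

if __name__ == "__main__":
    for name, problem in audit_profiles(SAMPLE):
        print(f"{name}: {problem}")
```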

 



Verification

 

Test the login and confirm that the user is able to log in with the configured permission returned.

 

 


Attachments:
RadiusDictionary.xml