The Aruba controller can blacklist users at Layer 1, not even letting them connect. Based on conditions in ClearPass, it may be a valued option to blacklist a user at Layer 1, i.e., if they are known to have a vulnerability, or they have exhausted their amount of time/bandwidth.
AH contributor: Austin
Specifications
Administration -> External Servers -> Endpoint Context Servers
|
Select Server Type
|
Generic HTTP |
Server Name
|
<Your integration name> |
On-Premise based URL
|
https:/// |
Username
|
<Not Applicable> |
Password
|
<Not Applicable> |
Administration -> Dictionaries -> Context Server Actions
|
Action Tab
|
Server Type
|
Generic HTTP |
Server Name
|
<Select your integration name> |
Action Name
|
<Describe the action> |
HTTP Method
|
POST |
URL
|
/auth/command.xml |
Content Tab
|
Content-Type
|
XML |
Content
|
xml=<aruba command="user_blacklist"> <ipaddr>%{Radius:IETF:Framed-IP-Address}<macaddr>%{Connection:Client-Mac-Address-Colon}</macaddr> <name>%{Authentication:Full-Username}</name> <key>Shared_Key</key> <authentication>MD5|SHA-1|cleartext</authentication> <version>1.0</version> </aruba>
|
Tips & Tricks
|
| Need to configure the XML source in the AAA profile of the controller and set a key, use that key in the payload with the appropriate type. |