The IP is the interface that has USER-ID enabled for that Zone on the PANFW.
I'm not 100% sure of the endpoint URL in a multi-vsys environment. However you shouldn't have to modify the URL with the IP.
I posted an updated version of the CPPM/PAN Guide a few weeks back....
Find it here and the announcement of it here
DANNY JUMP, PRODUCT MANAGER – CLEARPASS
Aruba, a Hewlett Packard Enterprise company
T: 650.236.9657 | E: DJUMP@HPE.COM | AIRHEADS @DANNYJUMP
3333 SCOTT BVLD | SANTA CLARA, CA, USA, 95054
FOLLOW US | Twitter | LinkedIn
VISIT AIRHEADS SOCIAL http://community.arubanetworks.com/
Is a "few weeks back" a guestimate? The doc you linked to is dated to June.
The announcement says the doc was updated in OCT. . were the doc dates not updated aswell ?Just looking for clarification, Danny.
Correction; partly fixed. If you use Per User Tunneled Node, the WLC does not add the Framed-IP-Address in radius-accounting. For a wireless client it does. Aruba WLC does not support DHCP SnoopingI tried enabling Use IP address for calling station ID but this didn't resolve the issue. What other configuration options in the WLC do I have?thanks,
Update on above. Kudos to Dik van Oeveren en Herman Robers for their input.
IP Client Tracker on the ArubaOS switch will add the IP address to RADIUS Acccounting for UBT. Unfortunately that caused a lot of issues with traffic to the tunneled client. Time constraints did not allow me to troubleshoot why . Observations let met to believe that TCP traffic was not arriving to the client.
One example of the issue: I can ping a tunneled printer, I can print to a tunneled printer (page was printed) but I cannot open the internal webpage of the printer. Lots of simular issues and the zero trust setup using Palo Alto for intervlan traffic, made us drop dynamic segmentation for this project since it did not add taht much in security. UBT use was more a convenience.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.