Security

Hello,

we have an instant cluster running, with Instant OS version 8.6.0.4, the cluster is managed via Aruba Central.
We have a Clearpass with version 8.9.4.x in our environment.
On the Clearpass we have created a service for the IAP cluster for testing.
A DUR profile was created on the Clearpass, for testing we only used a simple setting we only pass VLAN 88...

unfortunately the instant on the cli shows an error when downloading the role.

I have created a user on the CPPM for the download and also loaded the cppm certificate on the Instant.



does anyone else have an idea what the problem can be.

Thanks a lot


------------------------------
Tobi
------------------------------

Original Message:
Sent: 2/17/2021 4:15:00 AM
From: Leon123
Subject: problems with Aruba Instant Cluster and Clearpass DUR

Hello,

we have an instant cluster running, with Instant OS version 8.6.0.4, the cluster is managed via Aruba Central.
We have a Clearpass with version 8.9.4.x in our environment.
On the Clearpass we have created a service for the IAP cluster for testing.
A DUR profile was created on the Clearpass, for testing we only used a simple setting we only pass VLAN 88...

unfortunately the instant on the cli shows an error when downloading the role.

I have created a user on the CPPM for the download and also loaded the cppm certificate on the Instant.

does anyone else have an idea what the problem can be.

Thanks a lot


------------------------------
Tobi
------------------------------

Hi Jorge,

here is the error


------------------------------
Tobias
------------------------------

Original Message:
Sent: Feb 17, 2021 06:08 AM
From: Jorge Calvi
Subject: problems with Aruba Instant Cluster and Clearpass DUR

Hello, Can you share the error you obtain from CLI?

 

 

 

--------------

Jorge Calvi

--------------

 

 

Original Message:
Sent: 2/17/2021 4:15:00 AM
From: Leon123
Subject: problems with Aruba Instant Cluster and Clearpass DUR

Hello,

we have an instant cluster running, with Instant OS version 8.6.0.4, the cluster is managed via Aruba Central.
We have a Clearpass with version 8.9.4.x in our environment.
On the Clearpass we have created a service for the IAP cluster for testing.
A DUR profile was created on the Clearpass, for testing we only used a simple setting we only pass VLAN 88...

unfortunately the instant on the cli shows an error when downloading the role.

I have created a user on the CPPM for the download and also loaded the cppm certificate on the Instant.

does anyone else have an idea what the problem can be.

Thanks a lot


------------------------------
Tobi
------------------------------

What do you have on the log ? ( show log all..)

------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

ACEP / ACMX #107 / ACDX #1281
------------------------------

Original Message:
Sent: Feb 17, 2021 07:07 AM
From: Tobias Gabriel
Subject: problems with Aruba Instant Cluster and Clearpass DUR

Hi Jorge,

here is the error

I can connect to the ssid, but the traffic does not go to vlan 88

------------------------------
Tobias

Original Message:
Sent: Feb 17, 2021 06:08 AM
From: Jorge Calvi
Subject: problems with Aruba Instant Cluster and Clearpass DUR

Hello, Can you share the error you obtain from CLI?

 

 

 

--------------

Jorge Calvi

--------------

 

 

Original Message:
Sent: 2/17/2021 4:15:00 AM
From: Leon123
Subject: problems with Aruba Instant Cluster and Clearpass DUR

Hello,

we have an instant cluster running, with Instant OS version 8.6.0.4, the cluster is managed via Aruba Central.
We have a Clearpass with version 8.9.4.x in our environment.
On the Clearpass we have created a service for the IAP cluster for testing.
A DUR profile was created on the Clearpass, for testing we only used a simple setting we only pass VLAN 88...

unfortunately the instant on the cli shows an error when downloading the role.

I have created a user on the CPPM for the download and also loaded the cppm certificate on the Instant.

does anyone else have an idea what the problem can be.

Thanks a lot


------------------------------
Tobi
------------------------------

You cannot push the VLAN as part of the role. Instead, push a separate enforcement profile with Aruba-User-VLAN in addition to the Downloadable Role.

Instant/ArubaOS: VLAN should be sent separately from the Downloadable User Role
ArubaOS-Switch/AOS-CX: VLAN should be sent as part of the Downloadable User Role

This may be confusing but works if you follow these guidelines.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------

Original Message:
Sent: Feb 17, 2021 04:15 AM
From: Tobias Gabriel
Subject: problems with Aruba Instant Cluster and Clearpass DUR

Hello,

we have an instant cluster running, with Instant OS version 8.6.0.4, the cluster is managed via Aruba Central.
We have a Clearpass with version 8.9.4.x in our environment.
On the Clearpass we have created a service for the IAP cluster for testing.
A DUR profile was created on the Clearpass, for testing we only used a simple setting we only pass VLAN 88...

unfortunately the instant on the cli shows an error when downloading the role.

I have created a user on the CPPM for the download and also loaded the cppm certificate on the Instant.

does anyone else have an idea what the problem can be.

Thanks a lot


------------------------------
Tobi
------------------------------

Hi Herman,

thanks for your reply.
Ok, this is my first time to do dur with instant aps. I´ve a CX Switch inviroment running with dur.

I will test this tomorrow and give you an update.

thanks

------------------------------
Tobias
------------------------------

Original Message:
Sent: Feb 18, 2021 06:01 AM
From: Herman Robers
Subject: problems with Aruba Instant Cluster and Clearpass DUR

You cannot push the VLAN as part of the role. Instead, push a separate enforcement profile with Aruba-User-VLAN in addition to the Downloadable Role.

Instant/ArubaOS: VLAN should be sent separately from the Downloadable User Role
ArubaOS-Switch/AOS-CX: VLAN should be sent as part of the Downloadable User Role

This may be confusing but works if you follow these guidelines.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

Original Message:
Sent: Feb 17, 2021 04:15 AM
From: Tobias Gabriel
Subject: problems with Aruba Instant Cluster and Clearpass DUR

Hello,

we have an instant cluster running, with Instant OS version 8.6.0.4, the cluster is managed via Aruba Central.
We have a Clearpass with version 8.9.4.x in our environment.
On the Clearpass we have created a service for the IAP cluster for testing.
A DUR profile was created on the Clearpass, for testing we only used a simple setting we only pass VLAN 88...

unfortunately the instant on the cli shows an error when downloading the role.

I have created a user on the CPPM for the download and also loaded the cppm certificate on the Instant.

does anyone else have an idea what the problem can be.

Thanks a lot


------------------------------
Tobi
------------------------------