We are a UK university part of eduroam and we are looking to perform RADIUS attribute filtering for attributes sent back in RADIUS messages from other organisations. E.g. if a VSA is sent specifiying a role that is unknown to our wireless.
I can see plenty of guides of how to do this in freeradius but it isn't obvious how this would be done in Clearpass.
On the "Proxy Targets" tab of your RADIUS Proxy Service there's a section for excluding RADIUS attributes in replies from your RADIUS proxies.
Thanks for the response but how would these be done in reverse. Is there a way to filter on tx rather than rx.
We have some Cisco wireless that connects through our Clearpass and then out to our national proxies. We authenticate our users via and clearpass and need to proxy out the visitors, the Cisco wireless adds lots of extra attributes that we don't want to send out in the requests.
As far a I'm aware, it is not possible to add, remove or alter VSA sent to a RADIUS proxy target server in ClearPass. ClearPass just proxies the RADIUS request that it recieves without altering it but can strip out any attributes that return.
I don't know if there's anything you can do on your Cisco kit to limit what is sent?
Unfortunately we don't have access to the Cisco controller, it is a hospital that publishes our SSID that we authenticate the users for.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.