Security

last person joined: 2 days ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Aruba-Named-User-VLAN case sensitivity

Jump to Best Answer
  • 1.  Aruba-Named-User-VLAN case sensitivity

    Posted Nov 14, 2019 06:06 PM

    We are using ClearPass Guest to for users with pre-defined operator logins to go and register their IOT devices for MACAUTH to the wireless network. The device then can perform a MAC AUTH to the network and as part of the RADIUS authentication, we then return %{Authorization:[Guest Device Repository]:SponsorName} using the Aruba-Named-User-VLAN VSA.  This puts the device on a specific VLAN for the apartment that registered the device.

     

    Our problem is that it appears that the Aruba controller (AOS 8.5) is case-sensitive for the names of the named vlans.  Everything works great as long as the user logs into with uppercase letters, but when the guest user logs in with some other combination then the device ultimately lands on the default VLAN assignment due to the case sensitivity issue.

     

    The usernames they log into are in the format of CHD-101 (sitename-apartment#). 

     

    Any idea on how I can convert sponsor_name to uppercase during the device registration and/or convert it during the enforcement profile in CPPM?

     

    I've tried modifying the fields in Guest to use the NwaStrToUpper with no success and am running out of ideas.

     

    Thanks!

     

     

     



  • 2.  RE: Aruba-Named-User-VLAN case sensitivity
    Best Answer

    Posted Nov 15, 2019 10:28 AM

    Nevermind.  I figured it out by updating the SQL query used in the authentication source to return the sponsor_name alias in upper case.

     

    Thanks!