The switch documentation gives the command for enabling downloadable user roles here:
https://www.arubanetworks.com/techdocs/AOS-CX/10.06/HTML/5200-7723/index.html#GUID-3F87A668-7870-4DA2-B793-5C7981A44604.htmlMake sure you have your TA-Profile (trusted cert) created and existing in the switch config as well as in the trust list on ClearPass.
The RADIUS server config should look like this
:
radius-server host clearpass.servername.net key ciphertext <key> clearpass-username <user> clearpass-password ciphertext <key> (enter vrf info at the end if applicable)
Make sure you have a source interface if required.
For ClearPass, 6.9 or later gives you the standard config for the user role:
Else, you can used the Advanced method, use the Aruba dictionary and the "Aruba-CPPM-Role" then enter the exact syntax of the role as it would appear on the switch.
Regards,
Justin
JUSTIN NOONAN
TECHNICAL MARKETING ENGINEER – ARUBA CAMPUS SWITCHING
O: +1 916 540 1748 | M: +1 530 434 0239 justin.noonan@hpe.com
8000 FOOTHILLS BLVD | ROSEVILLE, CA 95747 USA
------------------------------
Justin Noonan
------------------------------
Original Message:
Sent: Feb 05, 2021 02:27 PM
From: Jukka Aaltonen
Subject: ArubaOS-CX - Profiling? ClearPass? DUR?
Ah nice I only had the previous version.... do you happen to know how to actually browse to that document without having a direct link :) Just wondering if there are some other documents available there I haven't heard about...
As for the original question, there is document called "USER ROLES AND USER-BASED TUNNELING DYNAMIC SEGMENTATION" available (again somewhere in the internets) that answers some of the questions.
The documentation is not very good or well organized. You need to gather these links and get the PDFs when you see those :)
Original Message:
Sent: Feb 05, 2021 02:19 PM
From: Matthew Sabin
Subject: ArubaOS-CX - Profiling? ClearPass? DUR?
The CPPM Wired Enforcement guide is here:
ClearPass Wired Policy Enforcement Solution Guide.pdf
Also I found a discussion of DUR elsewhere in the Community:
DUR with MAC-Auth
I'm working my way through them now...
------------------------------
--Matthew
If I have in some way helped, please click the KUDOS button
Original Message:
Sent: Feb 05, 2021 02:09 PM
From: Jukka Aaltonen
Subject: ArubaOS-CX - Profiling? ClearPass? DUR?
Where can I find the updated guide?
Original Message:
Sent: Feb 05, 2021 12:24 PM
From: Matthew Sabin
Subject: ArubaOS-CX - Profiling? ClearPass? DUR?
Found it,
Page 164 of the updated guide.
------------------------------
--Matthew
If I have in some way helped, please click the KUDOS button
Original Message:
Sent: Feb 05, 2021 12:05 PM
From: Matthew Sabin
Subject: ArubaOS-CX - Profiling? ClearPass? DUR?
I too am wanting the 6200 to work with CPPN DUR etc.
Looming over the CPPM Wired Policy Enforcement guide CX section, I'm not seeing it.
Am I missing something? Is there another way to accomplish the same thing?
------------------------------
--Matthew
If I have in some way helped, please click the KUDOS button
Original Message:
Sent: Dec 06, 2019 03:08 PM
From: Ricardo Duarte
Subject: ArubaOS-CX - Profiling? ClearPass? DUR?
Hi there,
About Aruba-CX and the new 6300 series, I had a look at the documentation and couldn't find a reference to configure ClearPass to download roles, and also nothing about HTTP device profiling (only CDP and LLDP).
Does anyone know how to configure the switches to work like a 2930f, where it will forward DHCP data, HTTP user agents, etc to ClearPass for profiling, and set ClearPass address and certificate for the switch to download DUR?
Also, my ClearPass does not have any specific syntax for 6300. What kind of role should I use? ArubaOS? MC?
Thanks