Wired Intelligent Edge

 View Only
  • 1.  ArubaOS-CX - Profiling? ClearPass? DUR?

    Posted Dec 06, 2019 03:08 PM

    Hi there,

     

    About Aruba-CX and the new 6300 series, I had a look at the documentation and couldn't find a reference to configure ClearPass to download roles, and also nothing about HTTP device profiling (only CDP and LLDP).

    Does anyone know how to configure the switches to work like a 2930f, where it will forward DHCP data, HTTP user agents, etc to ClearPass for profiling, and set ClearPass address and certificate for the switch to download DUR?

     

    Also, my ClearPass does not have any specific syntax for 6300. What kind of role should I use? ArubaOS? MC?

     

    Thanks



  • 2.  RE: ArubaOS-CX - Profiling? ClearPass? DUR?

    Posted Feb 05, 2021 12:06 PM
    I too am wanting the 6200 to work with CPPN DUR etc.

    Looming over the CPPM Wired Policy Enforcement guide CX section, I'm not seeing it. 
    Am I missing something? Is there another way to accomplish the same thing?

    ------------------------------
    --Matthew

    If I have in some way helped, please click the KUDOS button
    ------------------------------



  • 3.  RE: ArubaOS-CX - Profiling? ClearPass? DUR?

    Posted Feb 05, 2021 12:25 PM
    Found it, 

    Page 164 of the updated guide.

    ------------------------------
    --Matthew

    If I have in some way helped, please click the KUDOS button
    ------------------------------



  • 4.  RE: ArubaOS-CX - Profiling? ClearPass? DUR?

    Posted Feb 05, 2021 02:10 PM
    Where can I find the updated guide?


  • 5.  RE: ArubaOS-CX - Profiling? ClearPass? DUR?

    Posted Feb 05, 2021 02:20 PM
    The CPPM Wired Enforcement guide is here:
    ClearPass Wired Policy Enforcement Solution Guide.pdf

    Also I found a discussion of DUR elsewhere in the Community:
    DUR with MAC-Auth

    I'm working my way through them now...

    ------------------------------
    --Matthew

    If I have in some way helped, please click the KUDOS button
    ------------------------------



  • 6.  RE: ArubaOS-CX - Profiling? ClearPass? DUR?

    Posted Feb 05, 2021 02:27 PM
    Ah nice I only had the previous version.... do you happen to know how to actually browse to that document without having a direct link :) Just wondering if there are some other documents available there I haven't heard about...

    As for the original question, there is document called "USER ROLES AND USER-BASED TUNNELING DYNAMIC SEGMENTATION" available (again somewhere in the internets) that answers some of the questions.

    The documentation is not very good or well organized. You need to gather these links and get the PDFs when you see those :)


  • 7.  RE: ArubaOS-CX - Profiling? ClearPass? DUR?

    Posted Feb 05, 2021 06:49 PM
    The switch documentation gives the command for enabling downloadable user roles here:

    https://www.arubanetworks.com/techdocs/AOS-CX/10.06/HTML/5200-7723/index.html#GUID-3F87A668-7870-4DA2-B793-5C7981A44604.html

    Make sure you have your TA-Profile (trusted cert) created and existing in the switch config as well as in the trust list on ClearPass.

    The RADIUS server config should look like this
    :
    radius-server host clearpass.servername.net key ciphertext <key> clearpass-username <user> clearpass-password ciphertext <key> (enter vrf info at the end if applicable)

    Make sure you have a source interface if required.

    For ClearPass, 6.9 or later gives you the standard config for the user role:
    Else, you can used the Advanced method, use the Aruba dictionary and the "Aruba-CPPM-Role" then enter the exact syntax of the role as it would appear on the switch.

    Regards, 

    Justin

    JUSTIN NOONAN
    TECHNICAL MARKETING ENGINEER – ARUBA CAMPUS SWITCHING
    O: +1 916 540 1748   |  M: +1 530 434 0239  justin.noonan@hpe.com

    8000 FOOTHILLS BLVD  |  ROSEVILLE, CA 95747 USA


    ------------------------------
    Justin Noonan
    ------------------------------