Security

 View Only
  • 1.  Clearpass server IP in service rule logic

    Posted 9 days ago

    Hi,

    We have a Clearpass cluster overspanning 2 locations and I want to make sure that in normal circumstances, the authentication is handled locally (NAS to Clearpass to Domain Controller)

    I figured I just had to create a service that uses the Clearpass IP or hostname in its rule logic and assign the local authentication server to that service. However, I can't find which field holds that information.

    Is that even possible or is there a better way? Thanks!



  • 2.  RE: Clearpass server IP in service rule logic

    Posted 9 days ago

    In my Access Tracker, I see under Input / Computed Attributes: Connection:Dest-IP-Address with the IP that ClearPass is addressed on. You can add Connection:Dest-IP-Address in a service matching rule; have not really tried it, but is likely to work.

    Can you try that?



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------