Configure download user role in aruba controller from clearpass

  • 1.  Configure download user role in aruba controller from clearpass

    Posted 24 days ago

    Hi Team, our download user role is working fine with Aruba Instant, but we also want to do it with an Aruba controller. ClearPass is pushing the roles to the controller, but when I check the logs on the controller it is giving an error regarding the certificate. Could you provide me a full document to achieve this with the proper certificate and configuration?



  • 2.  RE: Configure download user role in aruba controller from clearpass

    Posted 24 days ago

    Facing this issue on the controller.




  • 3.  RE: Configure download user role in aruba controller from clearpass

    Posted 24 days ago

    I don't see certificate errors. Here is a video on Downloadable User Roles on controllers, it covers it combined with downloadable roles on AOS-CX, but also has controllers.

    Are you aware that downloadable roles for Instant are different from downloadable roles on controllers? You should have separate configuration for each of them.

    Personally I'm not a fan of Downloadable Roles on controllers as you configure controllers centrally in most cases and if a role is already on the controller there is no need to download it and in most cases it just adds complexity.

    If you have errors on the certificate, check that you have your ClearPass configuration based on the FQDN (domain name), not on the IP address; also make sure that the RootCA that issued the ClearPass Web Server certificate is added as Trusted CA in your controller and that ClearPass only has either RSA or ECC enabled for its Web server certificate.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 4.  RE: Configure download user role in aruba controller from clearpass

    Posted 24 days ago

    Please check the log file once again.




  • 5.  RE: Configure download user role in aruba controller from clearpass

    Posted 24 days ago

    Looks like your trust CA chain is not complete or missing on the controller. 

    Best, Gorazd



    ------------------------------
    Gorazd Kikelj
    MVP Guru 2024
    ------------------------------



  • 6.  RE: Configure download user role in aruba controller from clearpass

    Posted 24 days ago

    Hi,

    I am trying to export the ClearPass CA certificate, which is in .12 format. When I try to import this on the mobility controller as a trusted CA, it gives a CA flag error.




  • 7.  RE: Configure download user role in aruba controller from clearpass

    Posted 24 days ago

    Hi.

    Just export the trusted chain bundle as PEM and import it to the controller as Trusted Cert.

    Best, Gorazd



    ------------------------------
    Gorazd Kikelj
    MVP Guru 2024
    ------------------------------



  • 8.  RE: Configure download user role in aruba controller from clearpass

    Posted 24 days ago

    Hi,

    We did the same as you said but are still facing the same error. Please check the attached document to review the config.

    Thanks team for helping us...




  • 9.  RE: Configure download user role in aruba controller from clearpass

    Posted 24 days ago

    Have you added the CA bundle to the trusted list on the controller?

    If you want the controller to trust a certificate presented by another device then the controller has to have a TrustedCA/IntermediateCA imported that matches the trust chain of the certificate presented.  ServerCert is for certificates that you want the controller to use when communicating with other devices.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 10.  RE: Configure download user role in aruba controller from clearpass

    Posted 24 days ago
    Hi,

    Yes, we have exported the CA bundle and uploaded it to the controller Trusted list. I also attached the configuration document for your reference.





  • 11.  RE: Configure download user role in aruba controller from clearpass

    Posted 24 days ago

    You didn't actually import the root CA, you imported the intermediate CA as a TrustedCA.

    TrustedCA = root certificate

    IntermediateCA = any/all certificates for intermediate issuing CAs in the trust chain

    Also, you're better off placing those images directly in this thread rather than an uploaded document.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------
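
Added example (not part of any post above, and not HPE Aruba code): the TrustedCA / IntermediateCA split from the last reply, applied to an exported PEM bundle so each certificate is labelled with the type it should be imported as. Assumptions: a self-issued certificate (issuer equals subject) is treated as the root without verifying its signature, the CA flag is detected with a byte pattern rather than a full extension parse, and the sample input is a set of constructed certificate skeletons with hypothetical names.

```python
import base64, re

PEM = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
# basicConstraints (OID 2.5.29.19) carrying cA=TRUE; a byte-pattern heuristic, not a full parse
CA_TRUE = re.compile(rb"\x06\x03\x55\x1d\x13(\x01\x01\xff)?\x04.\x30.\x01\x01\xff", re.S)

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject Names of one certificate."""
    _, p, _ = tlv(der, 0)                   # Certificate SEQUENCE
    _, p, _ = tlv(der, p)                   # tbsCertificate SEQUENCE
    tag, _, end = tlv(der, p)
    ends = [end if tag == 0xA0 else p]      # skip the optional [0] version
    for _ in range(5):                      # serial, sigAlg, issuer, validity, subject
        ends.append(tlv(der, ends[-1])[2])
    return der[ends[2]:ends[3]], der[ends[4]:ends[5]]

def classify(der):
    """Controller import type for one DER certificate."""
    issuer, subject = issuer_subject(der)
    kind = "TrustedCA" if issuer == subject else "IntermediateCA"   # self-issued = root
    return kind if CA_TRUE.search(der) else "not a CA"

def classify_bundle(pem_text):
    return [classify(base64.b64decode(b)) for b in PEM.findall(pem_text)]

# Constructed sample: certificate skeletons (no keys or signatures), for the demo only.
def enc(tag, body):                         # DER-encode a value shorter than 128 bytes
    return bytes([tag, len(body)]) + body

def fake_cert(issuer_cn, subject_cn, ca):
    name = lambda cn: enc(0x30, enc(0x31, enc(0x30, b"\x06\x03\x55\x04\x03" + enc(0x0C, cn.encode()))))
    bc = enc(0x30, b"\x06\x03\x55\x1d\x13" + enc(0x04, enc(0x30, b"\x01\x01\xff" if ca else b"")))
    tbs = (enc(0xA0, b"\x02\x01\x02") + b"\x02\x01\x01" + enc(0x30, b"") + name(issuer_cn)
           + enc(0x30, b"") + name(subject_cn) + enc(0x30, b"") + enc(0xA3, enc(0x30, bc)))
    b64 = base64.b64encode(enc(0x30, enc(0x30, tbs))).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

SAMPLE = (fake_cert("Example Issuing CA", "clearpass.example.test", False)   # server cert
          + fake_cert("Example Root CA", "Example Issuing CA", True)         # intermediate
          + fake_cert("Example Root CA", "Example Root CA", True))           # root
```

Passing the text of a real exported bundle to `classify_bundle` returns one label per certificate, in file order.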