Security

Reply
Highlighted
Contributor I

Ability to Query External ClearPass Endpoints database

I have a customer with two ClearPass 25k server in high capacity guest services a public SSID.  I have two 5k CP servers for internal dot1x so they are not in the same cluster. Customer wants the 25ks guest service policy to query the 5k's endpoints database and if it exists then deny the device access to the guest network.  I get the compatibility with SQL databse but am uncertain about this. 

Aruba Partner Ambassador ACMX #252, ACDX #824,ACCP, ACSA, AWMP, CCNP Wireless & Security

Accepted Solutions
Highlighted
Moderator

Re: Ability to Query External ClearPass Endpoints database

Yes, you can do this using the appexternal account referencing the tips_endpoints table in tipsdb.



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post


All Replies
Highlighted
Moderator

Re: Ability to Query External ClearPass Endpoints database

Yes, you can do this using the appexternal account referencing the tips_endpoints table in tipsdb.



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post

Highlighted
Contributor I

Re: Ability to Query External ClearPass Endpoints database

Just got it working with radius proxy.  Thanks for the feedback.

Aruba Partner Ambassador ACMX #252, ACDX #824,ACCP, ACSA, AWMP, CCNP Wireless & Security
Highlighted
MVP

Re: Ability to Query External ClearPass Endpoints database

Hi Cappali,

It is safe to change the "appexternal" user password in cluster wide parameters, will this interfiere or impact in any way?



Oscar,
“All opinions written here are my own and do not necessarily reflect the views and opinions of Aruba.”
“If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos"

Highlighted
Moderator

Re: Ability to Query External ClearPass Endpoints database

Yes. The default password is randomly generated. If you’re not using it for anything else, then you can change it without impact.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
MVP

Re: Ability to Query External ClearPass Endpoints database

Thanks for your quick reply, I will go ahead and start testing :)



Oscar,
“All opinions written here are my own and do not necessarily reflect the views and opinions of Aruba.”
“If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos"