Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

CPPM and DUR in Aruba instant environment

  • 1.  CPPM and DUR in Aruba instant environment

    Posted Jul 07, 2020 12:25 PM

    Just setting up a ClearPass guest service in conjunction with Aruba Instant 8.7.0.

    Want to implement downloadable user roles from CPPM. Any Instant-specific documentation on this, or is it just the same as a Mobility Controller environment?

    Not much in the Instant 8.7.0.x User Guide.



  • 2.  RE: CPPM and DUR in Aruba instant environment

    MVP GURU
    Posted Jul 07, 2020 03:06 PM

    See screenshot below and attached. Make sure download roles is checked. If you want to return a role and use the access defined on the IAP, under role assignment rules you should put a rule in saying that the "aruba-user-role is the role".

     

    [Attached screenshot: IAP Roles.JPG]



  • 3.  RE: CPPM and DUR in Aruba instant environment

    EMPLOYEE
    Posted Jul 08, 2020 03:55 AM

    Check this video for some hints. Note that between the 8.4 covered in the video and current versions, the role-download option has become available in the GUI (it was CLI only in 8.4).

    Most important I'd say: Make sure time synchronization on both the AP and ClearPass is working; add the RADIUS server as a hostname, not as IP.



  • 4.  RE: CPPM and DUR in Aruba instant environment

    Posted Jul 08, 2020 11:16 AM
    Many thanks for this, very informative, however .....

    I had the following:
    wlan auth-server cppmnd.sharaz.info
    ip 192.168.1.21
    port 1812
    acctport 1813
    key
    nas-ip 192.168.1.20
    rfc5997 auth-only
    rfc3576
    cppm-rfc3576-port 5999
    service-type-framed-user 1x
    service-type-framed-user mac
    cppm username iap-admin password

    and all my auth stuff worked

    When I change the IP entry to be
    ip cppmnd.sharaz.info

    and do a commit apply;write m
    then all auth queries to the cppm server stop, nothing appears there at all.

    Change config back to being an IP address ... authentications work.

    Each of the APs in the cluster has a static address assigned and has an IPv4 DNS server address specified.

    All APs and ClearPass use the same NTP server
    A