Security

Reply
Highlighted

CPPM and DUR in Aruba instant environment

Jiust setting up a ClearPass guest service in conjunction with Aruba Instant 8.7.0

 

Want to implement  downloadable user roles  from cppm. Any Instant specific docn on this or is it just same as Mobility contoller enviorinment?

Not much in the Instant 8.7.0.x User Guide

Highlighted
Super Contributor II

Re: CPPM and DUR in Aruba instant environment

See screenshot below and attached. Make sure download roles is checked. If you want to return a role and use the access defined on the IAP, under role assignment rules you should put a rule in saying that the "aruba-user-role is the role".

 

IAP Roles.JPG

 

 

Dustin Burns
Senior Mobility and Access Engineer @WEI
ACMX #509 | ACCX #1272 | ACSA | ACDA | ACEA | CCNP | CCDP | CCNA Wireless

If my post address your queries, give kudos and accept as solution!
Highlighted
MVP Guru

Re: CPPM and DUR in Aruba instant environment

Check this video for some hints. Note that between the 8.4 covered in the video and current versions the role-download options is available in GUI now (was CLI only in 8.4).

 

Most important I'd say: Make sure time synchronization on both the AP and ClearPass is working; add the RADIUS server as a hostname, not as IP.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Highlighted

Re: CPPM and DUR in Aruba instant environment

Many thanks for this , very informative however .....

I had the following
wlan auth-server cppmnd.sharaz.info
ip 192.168.1.21
port 1812
acctport 1813
key
nas-ip 192.168.1.20
rfc5997 auth-only
rfc3576
cppm-rfc3576-port 5999
service-type-framed-user 1x
service-type-framed-user mac
cppm username iap-admin password

and all my auth stuff worked

When I change the IP entry to be
ip cppmnd.sharaz.info

and do a commit apply;write m
Then all auth queries to the cppm server stop , nothing appears there at
all.

Change config back to being an IP address ... authentications wo...





Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: