Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass API to Access Tracker Data

This thread has been viewed 3 times

  • 1.  ClearPass API to Access Tracker Data

    Posted Feb 10, 2020 07:20 PM

    Hi all,

     

    I'm using the API for managing endpoints, and have had a good look through API explorer (which is a fantastic interactive way to document an API), but I can't see a way to access the information that resides in Access Tracker.

     

    I've also searched, and only found one un-answered question on here.

     

    Specifically, I'm trying to get things like NAD name, IP, port, AP Name etc.

     

    What API should I be looking for for this information?

     

    Thanks,

    Ben.



  • 2.  RE: ClearPass API to Access Tracker Data

    EMPLOYEE
    Posted Feb 11, 2020 10:18 AM

    Not sure that if possible from our current RESTful API.

    You can certainly get this information out using the ClearPass SQL interface.

     



  • 3.  RE: ClearPass API to Access Tracker Data

    Posted Feb 11, 2020 12:52 PM

    Thanks for the reply - is this a supported method of getting info? Ive had a quick look and can’t see any references to using it. 

    Im already calling a stored procedure in an external database SQL database as an authorization source - is this what you mean? Or is there a way to query ClearPass from the outside?

    The issue I have with the SQL integration as I’m using at the moment is if the request doesn’t have the info available (eg. a request from a wired switch won’t supply an access point parameter), then ClearPass fails to build the query and doesn’t run the SQL - unless I’m doing it wrong 😀

     

    As an example - I added a filter just for the wifi data. This gets around the whole authorization source failing if a data point doesn't exist, but still, if the authorization source is used by a switch then an alert/error is generated with the following text

    Failed to construct filter=EXEC sp_clearpassWifi
@mac = '%{Connection:Client-Mac-Address-NoDelim}', 
@apSsid = '%{Radius:Aruba:Aruba-Essid-Name}', 
@apGroup = '%{Radius:Aruba:Aruba-AP-Group}', 
@apName = '%{Radius:Aruba:Aruba-Location-Id}'.
Failed to get value for attributes=[wifi-data]

     



  • 4.  RE: ClearPass API to Access Tracker Data

    EMPLOYEE
    Posted Feb 11, 2020 07:02 PM

    Use the ActiveSession API.



  • 5.  RE: ClearPass API to Access Tracker Data

    Posted Feb 11, 2020 08:11 PM

    Hi Tim - thanks for that, unfortunately that only seems to get TACACS+ stuff - all the RADIUS stuff I'm after isn't returned.  Any other ideas?

     

    I have, in the meantime, created more SQL Authentication Sources specifically for wired and wireless that push some of the data I wanted into an external database - unfortunately I can't get the resultant profiles returned using this method, so would still ideally like an API - if there is one!