Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

HP/Colubris SSID in Clearpass

  • 1.  HP/Colubris SSID in Clearpass

    Posted Aug 28, 2014 07:52 AM

    Hello;

    I'm having a problem with a mixed network of HP and Aruba access points.  The same SSID is on both (in different buildings) and authenticating to the same Clearpass server cluster.

    On the Aruba side, I get the Radius:Aruba:Aruba-Essid-Name attribute in the request, and I get a computed attribute of Connection:SSID to match.

    On the HP side, the SSID is in Radius:Colubris:Colubris-AVPair attribute as a key-value pair (ssid=xxx), and there is no Connection:SSID computed attribute.

    Does anyone know of a way to convince Clearpass to compute the SSID attribute with an HP access point?  Or, can anyone suggest an alternate approach?  My goal is to process the SSID with a single service rule in Clearpass, mainly for statistics purposes.

    If I took out the nas-port-type and service-type matches in the service rule, I could do this with a "match any" rule, but I'm not sure if that's a good idea.



  • 2.  RE: HP/Colubris SSID in Clearpass

    EMPLOYEE
    Posted Aug 28, 2014 08:25 AM

    Your last sentence is something that could work.  I don't foresee it as causing any other issue especially if the service ordering is correct.

    The best bet is having two services as I can also see that a combined enforcement policy mixing Aruba VSAs with another vendor may be a bit complex.



  • 3.  RE: HP/Colubris SSID in Clearpass

    Posted Aug 28, 2014 12:59 PM

    I thought about that, but I do this now to set the admin role for my Palo Alto and Aruba devices within a single enforcement policy and it seems to work fine.
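
For the statistics goal in the first post, the two vendor attributes can also be normalized outside ClearPass. The following is an added example, not part of the thread and not ClearPass configuration: it assumes each request has been exported as a dict keyed by the attribute names quoted above, and that Colubris-AVPair may arrive as one string or a list of strings.

```python
from collections import Counter

# Attribute names as quoted in the thread; the dict-per-request layout is an assumption.
ARUBA_ATTR = "Radius:Aruba:Aruba-Essid-Name"
COLUBRIS_ATTR = "Radius:Colubris:Colubris-AVPair"


def ssid_from_avpairs(value):
    """Return the ssid= value from one or more Colubris-AVPair strings, or None."""
    pairs = [value] if isinstance(value, str) else list(value or [])
    for pair in pairs:
        # Split on the first '=' only, so an SSID that itself contains '=' survives.
        key, sep, val = pair.partition("=")
        # Case-insensitive key match is a defensive choice here, not documented behaviour.
        if sep and key.strip().lower() == "ssid" and val:
            return val
    return None


def normalized_ssid(request):
    """Pick the SSID from whichever vendor attribute the request carries."""
    essid = request.get(ARUBA_ATTR)
    if essid:
        return essid
    return ssid_from_avpairs(request.get(COLUBRIS_ATTR))


def ssid_counts(requests):
    """Count requests per SSID; requests with no usable SSID are counted under None."""
    return Counter(normalized_ssid(r) for r in requests)


# Constructed sample requests (not real ClearPass output).
SAMPLE = [
    {ARUBA_ATTR: "CampusNet"},
    {COLUBRIS_ATTR: ["example-key=1", "ssid=CampusNet"]},  # constructed extra pair
    {COLUBRIS_ATTR: "ssid=Guest=Lobby"},
    {COLUBRIS_ATTR: ["essid=Wrong"]},            # similar key, must not match
    {"Radius:IETF:NAS-Port-Type": "19"},         # no SSID attribute at all
]

if __name__ == "__main__":
    for ssid, count in ssid_counts(SAMPLE).most_common():
        print(ssid, count)
```

Requests counted under `None` are the ones worth reviewing, since they reached the service without either vendor's SSID attribute.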