Contributor I

Re: how to define Vendor ID in clearpass for an enterprise

Hi Saravan

Tried both string and unsigned; both times ISAM fails it.

But in FreeRADIUS, with the attribute defined as string, it works fine.

Surprisingly, the RADIUS message output for both unsigned and string shows the value as 230 from Aruba, which I am expecting, but the encoding/formatting is creating the problem.

Very close to the solution, but it is still eluding me. Can you please help?

Details from RADIUS and the error messages from the box when it fails for unsigned and string are given below.

 

Authentication successful when done from FreeRADIUS server
Attribute set as string and hexadecimal
User profile in FreeRADIUS
=====================
polclient2  Cleartext-Password := "xxxxxxxxxx"
       Service-Type = Framed-User,
       Framed-IP-Address = 135.249.41.194,
       Framed-IP-Netmask = 255.255.255.0,
       Framed-MTU = 1500,
       A-ESAM-PoL-Fwd-ID = 230,
       A-ESAM-PoL-Vp-ID = 230,
       A-ESAM-PoL-Client-Type = 1,

response From free radius server
===========================
Sending Access-Accept of id 96 to 135.249.41.194 port 10000
        Service-Type = Framed-User
        Framed-IP-Address = 135.249.41.194
        Framed-IP-Netmask = 255.255.255.0
        Framed-MTU = 1500
        A-ESAM-PoL-Fwd-ID = "230"
        A-ESAM-PoL-Vp-ID = 230
        A-ESAM-PoL-Client-Type = 1
        EAP-Message = 0x03020004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "polclient2"

From ISAM box
============
Received packet on the Authentication Port.
Auth Server Address 87f92ffb
 Received ACCESS_ACCEPT.
ATTRIBUTES in the Received Packet:-
FRAMED_IP_ADDRESS:      -2013713982
VSA dynamic sVlan=0, cVlan=230,forwarder Id: e6
VSA dynamic user Vlan Id: 230


When set as string and as unsigned, authentication failed both times.
When set as string, it fails with "More than attribute length".
When set as unsigned, it fails with "minimum length not matched".

when set as string in aruba dictionary
======================================

From ISAM box
=============
Received packet on the Authentication Port.
Auth Server Address 87f92b6f
Length of Alcatel Vendor sub attribute is more than Main attribute length
Validation of the Attributes in the Received packet failed

when set as unsigned integer in aruba dictionary
========================================
Received packet on the Authentication Port.
Auth Server Address 87f92b6f
Minimum length of Alcatel Vendor sub attribute is not valid
Validation of the Attributes in the Received packet failed
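
An added example, not part of the original posts and not ClearPass, FreeRADIUS or ISAM code: how a RADIUS Vendor-Specific attribute (RFC 2865, type 26) carries the value 230 either as a 3-byte string or as a 4-byte integer, together with the nested length checks a receiver can apply before accepting it. The vendor ID, sub-attribute type and error strings are constructed placeholders.

```python
import struct

VSA_TYPE = 26      # RFC 2865 Vendor-Specific attribute type
VENDOR_ID = 99999  # constructed placeholder, not a real enterprise number
SUB_TYPE = 1       # constructed placeholder vendor sub-attribute type


def as_string(value):
    """Value as ASCII text: 230 -> b"230" (3 bytes)."""
    return str(value).encode("ascii")


def as_integer(value):
    """Value as 32-bit big-endian integer: 230 -> 00 00 00 e6 (4 bytes)."""
    return struct.pack("!I", value)


def encode_vsa(vendor_id, sub_type, data):
    """Build one Vendor-Specific attribute holding a single sub-attribute."""
    sub = bytes([sub_type, 2 + len(data)]) + data
    body = struct.pack("!I", vendor_id) + sub
    return bytes([VSA_TYPE, 2 + len(body)]) + body


def parse_vsa(attr, expected_len=None):
    """Return (vendor_id, [(sub_type, data), ...]); raise ValueError if malformed."""
    if len(attr) < 6 or attr[0] != VSA_TYPE:
        raise ValueError("not a Vendor-Specific attribute")
    outer_len = attr[1]
    if outer_len < 6 or outer_len > len(attr):
        raise ValueError("main attribute length invalid")
    vendor_id = struct.unpack("!I", attr[2:6])[0]
    subs, pos = [], 6
    while pos < outer_len:
        # Each sub-attribute needs at least its own type and length octets.
        if outer_len - pos < 2 or attr[pos + 1] < 2:
            raise ValueError("sub-attribute below minimum length")
        sub_type, sub_len = attr[pos], attr[pos + 1]
        # The nested length must fit inside the enclosing attribute.
        if pos + sub_len > outer_len:
            raise ValueError("sub-attribute longer than main attribute")
        data = attr[pos + 2:pos + sub_len]
        # A receiver with a fixed-size field can also enforce the data size.
        if expected_len is not None and len(data) != expected_len:
            raise ValueError("sub-attribute data size mismatch")
        subs.append((sub_type, data))
        pos += sub_len
    return vendor_id, subs
```

Comparing `encode_vsa(...).hex()` for the two encodings against a packet capture of the Access-Accept shows which form the server actually put on the wire.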

 

Contributor I

Re: how to define Vendor ID in clearpass for an enterprise

Saravanan

Can you look into this and suggest a way to define the attribute?

 

Thanks,

S.Muthukannan

Re: how to define Vendor ID in clearpass for an enterprise

Hi, 

 

Please open a TAC case for this.

This needs investigation.


Thank you,
Saravanan Rajagopal

**Did something you read in the Community solve a problem for you? If so, click "Accept as Solution" in the post.

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor I

Re: how to define Vendor ID in clearpass for an enterprise

Saravanan,

Will open a TAC case.

 

Thanks,

S.Muthukannan

Contributor I

Re: how to define Vendor ID in clearpass for an enterprise

Raised case 5328193205

Thanks,

S.Muthukannan

New Contributor

Re: how to define Vendor ID in clearpass for an enterprise

Hi there,

Has this issue been resolved?

 

Thanks

Contributor I

Re: how to define Vendor ID in clearpass for an enterprise

This has been resolved using an Aruba ClearPass hotfix.
