I want to improve device fingerprinting across my network.
I found this 5 page PDF, which instructs me to install a certificate on the Aruba 2930-F switch, but I do not understand what the "TA Certificate name" is suppose to be. (The very last command in this instructional whitepaper)
I need to create a user on Clearpass with APIAdmin rights. (I can do that)
I assume these commands will TFTP the certificate on Clearpass to my Aruba 2930 switch.
I can complete the first 2 steps
and I understand what is meant by the command "crypto pki ta-profile <TA profile name>"
But what is the "certificate name "
Is it just the name of the file on Clearpass ?
"ClearpassCertificate.crt "?
*********************************************************
The prerequisites for implementing this feature in ArubaOS-Switch is as follow. Configure the following commands before
implementing Device Fingerprinting in ArubaOS-Switch.
radius-server host <cppm ip address>
radius-server cppm identity <username> key<password>
The username and password is a ClearPass local admin account with the API Administrator privilege.
Another aspect of implementing Device Fingerprinting is ClearPass server certificate installation. The signing CA of the
ClearPass HTTP server certificate must be copied to the switch for successful Device Fingerprinting operation. This is the
same configuration as Downloadable User Roles (DUR).
The following commands are used to copy CA certificate on ClearPass to the switch:
1. To create TA certificate.
crypto pki ta-profile <TA profile name>
2. To copy CA certificate to the TA profile.
copy tftp ta-certificate <TA Profile name> <TFTP Ip Address> <TA Certificate Name>
******************************************************