This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ExtremeCloud IQ Pilot with external CWP

ExtremeCloud IQ Pilot with external CWP

EBILLOT
New Contributor

‎03-29-2024 03:10 AM

Hi,

 

We are setting up a hybrid ExtremCloud IQ Pilot with remote AP 305C configuration.

We want to keep our Clearpass infrastructure to manage guests.

 

We found a complete guide https://extremenetworks2com.sharepoint.com/sites/kcs/External/000021388/ExtremeWireless%20ClearPass%...

 

however it specify screens that are not present on our controler site. We need to find where we could configure attributs send from an external CWP to clear pass.

You may see on attachments :

- in documentation.png the original doc which is talking about "attributes to send" to external cwp

- in policy.png our policy config with external cwp selected

- in cwp.png our external captive portal configuration

We need to find where attribut to send have to be select.

 

Right now, without this configuration finalized, clearpass does not receive any radius att and service is not captured.

 

Please help,

 

Regards,

Preview file
82 KB
Preview file
107 KB
Preview file
127 KB
0 Kudos
3 REPLIES 3

EBILLOT
New Contributor

‎04-02-2024 12:17 AM

Hi,

 

Thanks for replying.

However we tried it but no way.

We are not trying to select user profil from attributes but to select what attributes send to CP.

With Aruba controler and AP, a guest request is like cp.png (attachment). We can see several attributes which can be used in clearpass to match services and trigger enforcements.

With Extreme AP, in web auth way, no radius attributes are send (see cp2.png).

How could we configure ExtremeWireless Pilot to choose what attributes to send to external radius server ?

 

BR,

Preview file
60 KB
Preview file
56 KB
0 Kudos

James_A
Valued Contributor
In response to EBILLOT

‎04-02-2024 08:23 AM

The guide you linked (not that it works for me) is for the old ExtremeWireless. I have ClearPass working with XIQ, I used the guide in the Aruba Community thread you also posted in, but with some alteration (which I also commented there).

Can you post the Input tab of those requests? Here's what mine has without any configuration of what to send:

James_A_0-1712071354319.png

0 Kudos

Christoph_S
Extreme Employee

‎04-01-2024 05:48 AM

Hello @EBILLOT,

Here are the steps:

  1. Navigate to the Network Policy containing the SSID
  2. For this SSID select Enterprise 802.1 authentication
  3. Under "Authenticate via RADIUS Server" create a new group and point it to the external radius server
  4. Under User Access Settings, check "Apply a different user profile to various clients and user groups."
  5. Create new user profiles and in the Assignment rules configure radius attributes.
  6. Push the configs to the APs. 

BR,

 

Christoph S.
0 Kudos
GTM-P2G8KFN