INFOBLOX & ARUBA CLEARPASS INTEGRATION - No Network Insight (Discovery) Requirement

sschuur
sschuur
in HPE Aruba

Hello, 

 

These templates remove the requirement for a NIOS Network Insight (Discovery) appliance for the Aruba ClearPass integration with Infoblox. Using these templates, they will gather and sync to Aruba as much NIOS asset information as possible without the need for Network Insight. 

 

Note that due to current API limitations and the lack of Network Insight, IPv6 assets and Discovery events are NOT supported with these templates. However, all other events supported in the original templates are supported in these.

 

All other functionality, requirements, deployment instructions and Extensible Attributes found in the original post remain the same. There you can also find an overview of the integration, deployment guide, demo video, EA requirements and the original templates that require Network Insight.

Answers

  • peteremm
    peteremm

    I'm having the same issues with this integration as with the other Discovery templates. The initial API to create a sessions gets passed fine, but the -Aruba ClearPass Security- doesn't trigger an API.

  • peteremm
    peteremm

    The asset update API itself works, just not the security (triggered by rpz) API

  • Vadim
    Vadim Infoblox Product Expert

    Check the logs. Likely there is an issue with "Aruba_Sync" EA.

    It should be set to "true" (low level). In the deployemnt guide there is an error (it says "True")

  • peteremm
    peteremm

    Already seen that, it is set to "true" lower caps.

  • Vadim
    Vadim Infoblox Product Expert

    w/o logs it's hard to say what is going on.

  • peteremm
    peteremm

    I've added my lab logs

     

    thank you

  • Vadim
    Vadim Infoblox Product Expert

    Looks like you are trying to automate RPZ event with a lease. I'm not sure why but the script didn't check for a lease (Fixed and Host were requested). I need to ping Sophia to check the logic. 

  • sschuur
    sschuur

    Hello,

     

    We have updated the Security template to accommodate for security events that occur on IP addresses containing only lease objects. Simply redownload the Aruba_Security_No_NI.txt on this post for the updated version. Note that if there is no object on an IP, it will not sync to Aruba because it does not have a MAC.

  • peteremm
    peteremm

    Thanks for the update, but unfortunatly I'm still running in the same issue.

    Client has obtained a lease, it is visible in IPAM, but still no luck.

  • sschuur
    sschuur

    Hey @peteremm

     

    Thanks for sending the debug log! I can see right away that your Aruba_Secure EA is empty in both the parent network and IP address of the lease. This EA must be set to 'true' for at least one of these objects for all security events.

     

    I see you have Aruba_Sync set to true, but this is only for asset syncing. Aruba_Secure is for security event syncing.

Categories