Reply
This is an open group. Sign in and click the "Join Group" button to become a group member and start posting.
INFOBLOX & ARUBA CLEARPASS INTEGRATION - No Network Insight (Discovery) Requirement
[ Edited ]
Member
Posts: 7
Registered: ‎06-24-2019
Member
Posts: 7

Hello, 

 

These templates remove the requirement for a NIOS Network Insight (Discovery) appliance for the Aruba ClearPass integration with Infoblox. Using these templates, they will gather and sync to Aruba as much NIOS asset information as possible without the need for Network Insight. 

 

Note that due to current API limitations and the lack of Network Insight, IPv6 assets and Discovery events are NOT supported with these templates. However, all other events supported in the original templates are supported in these.

 

All other functionality, requirements, deployment instructions and Extensible Attributes found in the original post remain the same. There you can also find an overview of the integration, deployment guide, demo video, EA requirements and the original templates that require Network Insight.

Re: INFOBLOX & ARUBA CLEARPASS INTEGRATION - No Network Insight (Discovery) Requirement
Member
Posts: 6
Registered: ‎01-27-2021
Member
Posts: 6

I'm having the same issues with this integration as with the other Discovery templates. The initial API to create a sessions gets passed fine, but the -Aruba ClearPass Security- doesn't trigger an API.

Re: INFOBLOX & ARUBA CLEARPASS INTEGRATION - No Network Insight (Discovery) Requirement
Member
Posts: 6
Registered: ‎01-27-2021
Member
Posts: 6

The asset update API itself works, just not the security (triggered by rpz) API

Re: INFOBLOX & ARUBA CLEARPASS INTEGRATION - No Network Insight (Discovery) Requirement
Adviser
Posts: 169
Registered: ‎09-09-2015
Adviser
Posts: 78

Check the logs. Likely there is an issue with "Aruba_Sync" EA.

It should be set to "true" (low level). In the deployemnt guide there is an error (it says "True")

Re: INFOBLOX & ARUBA CLEARPASS INTEGRATION - No Network Insight (Discovery) Requirement
Member
Posts: 6
Registered: ‎01-27-2021
Member
Posts: 6

Already seen that, it is set to "true" lower caps.

Re: INFOBLOX & ARUBA CLEARPASS INTEGRATION - No Network Insight (Discovery) Requirement
Adviser
Posts: 169
Registered: ‎09-09-2015
Adviser
Posts: 78

w/o logs it's hard to say what is going on.

Re: INFOBLOX & ARUBA CLEARPASS INTEGRATION - No Network Insight (Discovery) Requirement
Member
Posts: 6
Registered: ‎01-27-2021
Member
Posts: 6

I've added my lab logs

 

thank you

Re: INFOBLOX & ARUBA CLEARPASS INTEGRATION - No Network Insight (Discovery) Requirement
Adviser
Posts: 169
Registered: ‎09-09-2015
Adviser
Posts: 78

Looks like you are trying to automate RPZ event with a lease. I'm not sure why but the script didn't check for a lease (Fixed and Host were requested). I need to ping Sophia to check the logic. 

Re: INFOBLOX & ARUBA CLEARPASS INTEGRATION - No Network Insight (Discovery) Requirement
Member
Posts: 7
Registered: ‎06-24-2019
Member
Posts: 7

Hello,

 

We have updated the Security template to accommodate for security events that occur on IP addresses containing only lease objects. Simply redownload the Aruba_Security_No_NI.txt on this post for the updated version. Note that if there is no object on an IP, it will not sync to Aruba because it does not have a MAC.

Re: INFOBLOX & ARUBA CLEARPASS INTEGRATION - No Network Insight (Discovery) Requirement
Member
Posts: 6
Registered: ‎01-27-2021
Member
Posts: 6

Thanks for the update, but unfortunatly I'm still running in the same issue.

Client has obtained a lease, it is visible in IPAM, but still no luck.

Re: INFOBLOX & ARUBA CLEARPASS INTEGRATION - No Network Insight (Discovery) Requirement
Member
Posts: 7
Registered: ‎06-24-2019
Member
Posts: 7

Hey @peteremm, 

 

Thanks for sending the debug log! I can see right away that your Aruba_Secure EA is empty in both the parent network and IP address of the lease. This EA must be set to 'true' for at least one of these objects for all security events.

 

I see you have Aruba_Sync set to true, but this is only for asset syncing. Aruba_Secure is for security event syncing.

Showing results for 
Search instead for 
Did you mean: