ClearPass Exchange Integration Tech Note: Infoblox …community.arubanetworks.com/aruba/attachments/aruba/ForoenEspan… · ClearPass Exchange Integration Tech Note: Infoblox Mac

ClearPass Exchange Integration Tech Note: Infoblox Mac Address Filter Updates 1

ClearPass Exchange Integration Tech Note:Infoblox Mac Address Filter Updates<css> .page-ClearPass Exchange Integration Tech Note: Infoblox Mac Address Filter Updates #commentform {display: none; }</css>

OverviewThis article will cover how to integrate ClearPass with Infoblox to allow ClearPass to send Username to MacAddress mapping information to Infoblox's Mac Address Filters. This capability is built off of ClearPass Exchangefunctionality.

Required Components• ClearPass 6.3.0 or higher• Infoblox IPAM (or DDI)

Configuration

Infoblox• Login into the Infoblox Appliance and navigate to "Data Management>DHCP>IPv4 Filters"

• Click on the "+" sign to add a new filter

https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-update-14.png


• For the "Name" enter the name of the filter. Record this for later use, ClearPass will update this filter withusername to mac address mappings

• Click "Save & Close"




• ClearPass needs to use a username/password to use the API. This can be the admin username and password, if so,this next step is not required. If you would like to use a different username and password for the API, proceed tothe next step.

• Navigate to "Administration>Admins"• Click on the "+" sign to add a new admin user

• Fill out the following fields: "Login", "Password", "Confirm Password", and click "Select" for "Admin Group"Record this for later use, ClearPass will update need this username and password




• Click "Save & Close"




ClearPassThere are two ways to configure ClearPass:1. Import the following exported files and edit the appropriate fields to match your installation.2. Manually create the required components on your instance of ClearPassWe will cover both options here.

Import

• Download the following files:

• Log into ClearPass and navigate to "Administration>External Servers>Endpoint Context Servers"

• Click "Import Context Servers"

https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-ContextServer.zip

https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-EnforcementProfile.zip



• Select the "infoblox-mf-ContextServer.zip" you downloaded, password is "aruba123" without quotes.• Click "Import"• Find and click on the server called "infoblox.arubademo.net"• Change the following variables to suit your environment: "Server Name", "Username", "Password", "Verify

Password" Username and Password must match the account created above in Infoblox or the admin usernameand password of Infoblox

• Click "Save"




• Navigate to "Administration>Dictionaries>Context Server Actions"• Find and click on the action called "Infoblox: Username to IPAM"• Click on the "Content" tab• Change the filter name to match the filter created on Infoblox above Filter name must match the name of the

filter you created on Infoblox

• Click "Save"• Navigate to "Configuration>Enforcement>Profiles"




• Click "Import Enforcement Profile"

• Select the "infoblox-mf-EnforcementProfile.zip" you downloaded, password is "aruba123" without quotes.• Click "Import"• Find and click on the profile called "Infoblox IPAM Update"• Click on the Attributes tab• Click on the Attribute Value for "Target Server" and select the updated server name you set earlier.

• Click "Save"




• Add the "Infoblox IPAM Update" enforcement profile to any enforcement policy you would like ClearPass toupdate Infoblox when that profile/service is hit

Manual

• Log into ClearPass and navigate to "Administration>External Servers>Endpoint Context Servers"

• Click on "Add Context Server"




• Set the "Server Type" to "Generic HTTP"• Input the following variables to suit your environment: "Server Name", "Username", "Password", "Verify

Password" Username and Password must match the account created above in Infoblox or the admin usernameand password of Infoblox

• Click "Save"




• Navigate to "Administration>Dictionaries>Context Server Actions"

• Click on "Add Context Server Action"




• Set the "Name", "Description" to what you desire.• Set "HTTP Method" to "POST"• Set "URL" to "/wapi/v1.4/macfilteraddress? " without the quotes.

• Click on the "Content" tab• Set "Content Type" to "JSON"• In the "Content" field, copy and paste the following:{"filter":"ClearPass", "mac":"%{Connection:Client-Mac-Address-Colon}", "username":"%{Authentication:Full-Username}"}




• Change the filter name to match the filter created on Infoblox above Filter name must match the name of thefilter you created on Infoblox

• Click "Save"• Navigate to "Configuration>Enforcement>Profiles"




• Set the "Name" field to what you desire

• Click on the "Attributes" tab• Set the "Target Server" to the name of the server you set above• Set the "Action" to the name of the enforcement profile you set above




• Click "Save"• Add the "Infoblox IPAM Update" (or whatever you named it) enforcement profile to any enforcement policy you

would like ClearPass to update Infoblox when that profile/service is hit




Testing and Verification• Authenticate a user against ClearPass• Log into ClearPass and navigate to "Monitoring>Access Tracker"• Find the authentication in Access Tracker and click on it• Click on the "Output" tab• Click on "Application Response"

• Ensure you see the correct HTTP Action and Server here• Log into Infoblox and navigate to "Data Management>DHCP>IPv4 Filters"• Click on the filter name you created



• Ensure your username and mac address appear in the list


Article Sources and Contributors 18

Article Sources and ContributorsClearPass Exchange Integration Tech Note: Infoblox Mac Address Filter Updates Source: https://arubapedia.arubanetworks.com/arubapedia/index.php?oldid=84996 Contributors:Ahawthorne, Tbrophy

Image Sources, Licenses and ContributorsFile:Infoblox-mf-update-14.png Source: https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-update-14.png License: unknown Contributors: Ahawthorne,Maintenance scriptFile:Infoblox-mf-update-15.png Source: https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-update-15.png License: unknown Contributors: Ahawthorne,Maintenance scriptFile:Infoblox-mf-update-21.png Source: https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-update-21.png License: unknown Contributors: Ahawthorne,Maintenance scriptFile:Infoblox-mf-update-20.png Source: https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-update-20.png License: unknown Contributors: Ahawthorne,Maintenance scriptFile:Infoblox-mf-update-16.png Source: https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-update-16.png License: unknown Contributors: Ahawthorne,Maintenance scriptFile:Infoblox-mf-update-18.png Source: https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-update-18.png License: unknown Contributors: Ahawthorne,Maintenance scriptFile:Infoblox-mf-update-30.png Source: https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-update-30.png License: unknown Contributors: Ahawthorne,Maintenance scriptFile:Infoblox-mf-ContextServer.zip Source: https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-ContextServer.zip License: unknown Contributors:Ahawthorne, Maintenance scriptFile:Infoblox-mf-EnforcementProfile.zip Source: https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-EnforcementProfile.zip License: unknown Contributors:Ahawthorne, Maintenance scriptFile:Infoblox-mf-update-31.png Source: https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-update-31.png License: unknown Contributors: Ahawthorne,Maintenance scriptFile:Infoblox-mf-update-32.png Source: https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-update-32.png License: unknown Contributors: Ahawthorne,Maintenance scriptFile:Infoblox-mf-update-35.png Source: https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-update-35.png License: unknown Contributors: Ahawthorne,Maintenance scriptFile:Infoblox-mf-update-36.png Source: https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-update-36.png License: unknown Contributors: Ahawthorne,Maintenance scriptFile:Infoblox-mf-update-33.png Source: https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-update-33.png License: unknown Contributors: Ahawthorne,Maintenance scriptFile:Infoblox-mf-update-34.png Source: https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-update-34.png License: unknown Contributors: Ahawthorne,Maintenance scriptFile:Infoblox-mf-update-38.png Source: https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-update-38.png License: unknown Contributors: Ahawthorne,Maintenance scriptFile:Infoblox-mf-update-19.png Source: https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-update-19.png License: unknown Contributors: Ahawthorne,Maintenance scriptFile:Infoblox-mf-update-1.png Source: https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-update-1.png License: unknown Contributors: Ahawthorne,Maintenance scriptFile:Infoblox-mf-update-2.png Source: https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-update-2.png License: unknown Contributors: Ahawthorne,Maintenance scriptFile:Infoblox-mf-update-3.png Source: https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-update-3.png License: unknown Contributors: Ahawthorne,Maintenance scriptFile:Infoblox-mf-update-4.png Source: https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-update-4.png License: unknown Contributors: Ahawthorne,Maintenance scriptFile:Infoblox-mf-update-5.png Source: https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-update-5.png License: unknown Contributors: Ahawthorne,Maintenance scriptFile:Infoblox-mf-update-6.png Source: https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-update-6.png License: unknown Contributors: Ahawthorne,Maintenance scriptFile:Infoblox-mf-update-7.png Source: https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-update-7.png License: unknown Contributors: Ahawthorne,Maintenance scriptFile:Infoblox-mf-update-24.png Source: https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-update-24.png License: unknown Contributors: Ahawthorne,Maintenance scriptFile:Infoblox-mf-update-10.png Source: https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-update-10.png License: unknown Contributors: Ahawthorne,Maintenance scriptFile:Infoblox-mf-update-11.png Source: https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-update-11.png License: unknown Contributors: Ahawthorne,Maintenance scriptFile:Infoblox-mf-update-12.png Source: https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-update-12.png License: unknown Contributors: Ahawthorne,Maintenance scriptFile:Infoblox-mf-update-27.png Source: https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-update-27.png License: unknown Contributors: Ahawthorne,Maintenance scriptFile:Infoblox-mf-update-28.png Source: https://arubapedia.arubanetworks.com/arubapedia/index.php?title=File:Infoblox-mf-update-28.png License: unknown Contributors: Ahawthorne,Maintenance script

Documents

ClearPass Exchange Integration Tech Note: Infoblox …community.arubanetworks.com/aruba/attachments/aruba/ForoenEspan… · ClearPass Exchange Integration Tech Note: Infoblox Mac