Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Amigopod - can controller be positioned NOT inline to DHCP server?

  • 1.  Amigopod - can controller be positioned NOT inline to DHCP server?

    Posted Jan 04, 2012 03:30 PM

    I want to trial Amigopod for NAC functions.  I have been told so far that I need to place it in between my Cisco WLCs and the DHCP server, requiring ALL of my traffic to traverse the Aruba controller.  I hesitate to do this because my DHCP is also my DNS server, and I don't want to get in the way of DNS traffic.      

     

    Can the system be set up so that the DHCP helper address points to the Amigopod, which then proxies for the server, so that only DHCP traffic has to go through the Amigopod?

     



  • 2.  RE: Amigopod - can controller be positioned NOT inline to DHCP server?

    Posted Jan 04, 2012 05:54 PM

    I think there are two different design concerns being addressed here.

     

    Amigopod is never inline and integrates with either a Cisco or an Aruba controller using RADIUS and the external Captive Portal (Web Authentication) configurations on the controllers.

     

    The Aruba controllers provide the ability to perform inline device fingerprinting by inspecting the DHCP traffic sent from connecting clients to perform role derivation. This allows the network administrator to place each class of device into a different stateful firewall ruleset and provide differentiated access to network resources based on the type of device a user is connecting with.

     

    If the latter is the case, then the Aruba controller will need to be inline, either by terminating Aruba APs or as a bump in the wire to an existing access network.
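
The DHCP fingerprinting and role derivation described in the reply above, sketched as an added example (not part of the original posts and not Aruba or Amigopod code). The fingerprint table, role names and sample packets are constructed for illustration; the parser reads the DHCP options field and keys on option 55 (parameter request list).

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # RFC 2131 marker that precedes the options

# Constructed table: option 55 request list -> hypothetical role name.
ROLE_BY_FINGERPRINT = {
    (1, 3, 6, 15, 119, 252): "role-handheld",
    (1, 15, 3, 6, 44, 46, 47, 31, 33, 121, 249, 43): "role-laptop",
}
DEFAULT_ROLE = "role-unknown-device"  # hypothetical restrictive fallback


def parse_dhcp_options(payload: bytes) -> dict:
    """Return {option_code: value_bytes} from a BOOTP/DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:          # End option
            break
        if code == 0:            # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options.setdefault(code, value)  # simplification: keep first occurrence
        i += 2 + length
    return options


def derive_role(payload: bytes) -> str:
    """Map the client's parameter request list (option 55) to a role."""
    try:
        fingerprint = tuple(parse_dhcp_options(payload).get(55, b""))
    except ValueError:
        return DEFAULT_ROLE      # malformed input falls back to the default role
    return ROLE_BY_FINGERPRINT.get(fingerprint, DEFAULT_ROLE)


def build_sample(request_list) -> bytes:
    """Constructed DHCPDISCOVER: zeroed BOOTP header, options 53, pad, 55, end."""
    opts = bytes([53, 1, 1, 0, 55, len(request_list), *request_list, 255])
    return bytes(236) + MAGIC_COOKIE + opts
```

Option 55 is supplied by the client, so a role derived this way is a classification hint for the firewall ruleset rather than proof of device type.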