Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Aruba IAP RADIUS backhauled to CPPM; VLAN enforcement

This thread has been viewed 0 times

  • 1.  Aruba IAP RADIUS backhauled to CPPM; VLAN enforcement

    Posted May 19, 2016 09:17 AM

    Hi all,

    I tried using a 'VLAN enforcement' template under Enforcement Profile.

    But this is IETF based, and looks like this,

     

    Type                        Name                                    Value
    Radius:IETF            Session-Timeout                  10800
    Radius:IETF            Termination-Action               RADIUS-Request (1)
    Radius:IETF            Tunnel-Type                         VLAN (13)
    Radius:IETF            Tunnel-Medium-Type           IEEE-802 (6)
    Radius:IETF            Tunnel-Private-Group-Id      Enter VLAN --> I have purely entered the vlan id here

     

    But I can't get it to work with an IAP/CPPM deployment.

     

    The Radius type of 'Radius:Aruba', Attribute: 'Aruba-User-Vlan' works fine.

     

    But id rather implement IETF type.... I'm going on the template offered by CPPM.. Should I be choosing other attributes ?



  • 2.  RE: Aruba IAP RADIUS backhauled to CPPM; VLAN enforcement

    EMPLOYEE
    Posted May 19, 2016 09:32 AM
    The Aruba-User-Vlan option is recommended with Aruba equipment.


  • 3.  RE: Aruba IAP RADIUS backhauled to CPPM; VLAN enforcement

    Posted May 19, 2016 09:34 AM

    Implying it will not literally work, period, with IETF Radius attributes ?



  • 4.  RE: Aruba IAP RADIUS backhauled to CPPM; VLAN enforcement
    Best Answer

    EMPLOYEE
    Posted May 19, 2016 09:50 AM
    It should, but the Aruba VSA is one attribute vs 4+ for the IETF one.