Regular Contributor I

CPPM authentication forward

I have two separate CPPM clusters. One for corp and BYOD authentications/Onboarding and another for Guest provisioning and authentication. For security reasons our guest cluster is in a dedicated DMZ. I am wanting to put together a lab to demo NAC authentication with dACLs to some Cisco switches that allow guest and corp users to plug into the same network. I also want to do NAC authentication of corp and guest users on Aruba switches and put them into roles based on who they are. I have a decent idea of how to do all this except one part.

 

If a guest user plugs into the Cisco switches and the ports are set up to validate who you are to the NAC CPPM servers and lets CPPM know you are not a corp user, then the dACL pushed to the switch will give you rights to what??? How can I make the Cisco port look like an untrusted Aruba port so the user has to authenticate to my CPPM guest servers? I would have a requirement to make the user authenticate to the Guest CPPM captive portal page still. Any way to make this work?

Guru Elite

Re: CPPM authentication forward

You would use an AV-Pair with the redirect URL and ACL.

 

cisco-wired-redirect.JPG


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
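
A sketch of the AV-Pair approach from the reply above, as an added example that is not part of the original post or its screenshot. The ACL name `GUEST-REDIRECT`, the address `192.0.2.10` and the portal URL are placeholders, and classic IOS syntax is assumed on the switch.

```text
! --- ClearPass enforcement profile (returned in the RADIUS Access-Accept) ---
! Applied by the corp/NAC cluster when the wired client is not a corp user.
! Both values are placeholders: the ACL name must match an ACL that already
! exists on the switch, and the URL points at the guest cluster's portal page.
Radius:Cisco  Cisco-AVPair = url-redirect-acl=GUEST-REDIRECT
Radius:Cisco  Cisco-AVPair = url-redirect=https://<guest-cppm-fqdn>/<portal-page>

! --- Cisco switch, global configuration (classic IOS assumed) ---
! The switch intercepts the client's HTTP request itself, so its HTTP
! server and device tracking must be enabled for the redirect to work.
ip http server
ip device tracking
!
! Redirect ACL semantics are inverted compared with a filtering ACL:
!   deny   = do NOT redirect (forward normally, subject to the dACL)
!   permit = redirect this traffic to the url-redirect target
ip access-list extended GUEST-REDIRECT
 remark DNS and DHCP must pass or the browser never reaches the portal
 deny   udp any any eq domain
 deny   udp any any eq bootps
 remark traffic to the guest CPPM portal itself is not redirected
 deny   ip any host 192.0.2.10
 remark everything else on HTTP is sent to the captive portal
 permit tcp any any eq www
```

The redirect ACL only selects which traffic is redirected; what the unauthenticated guest can actually reach is still decided by the dACL or port ACL, which should permit no more than DHCP, DNS and the guest portal in the DMZ.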