Security

Reply
Occasional Contributor II
Posts: 11
Registered: ‎10-30-2011

ClearPass OnGuard - switch requirements

Is there a list of supported switches that work with ClearPass OnGuard? Or is there a list of required features that the switch has to support in order to provide full OnGuard functionality?

 

thanks,

Aruba Employee
Posts: 26
Registered: ‎11-16-2011

Re: ClearPass OnGuard - switch requirements

The primary requirement when it comes to a switch is dot1x support.  Check your switch model documentation and look for the ability to configure a RADIUS server using aaa and dot1x commands.  Different switches will provide differnt levels of richness when it comes to the dot1x.  E.g. can you pass back just a simple vlan vs. a role name vs. a dynamix ACL etc. etc. 

 

You should check with your local account team for more information.

Frequent Contributor II
Posts: 122
Registered: ‎01-19-2013

Re: ClearPass OnGuard - switch requirements

We asked for this and basically got the exact information that cisco ISE has listed. We have cisco wired. Do you have OnGuard working in an 802.1x environment. Curious how you handle this on wired including how OnGuard agent is deployed.
Super Contributor II
Posts: 355
Registered: ‎02-22-2011

Re: ClearPass OnGuard - switch requirements

i'll throw my name against this as well, i'm finding it very hard to work out what to do here.

Frequent Contributor II
Posts: 122
Registered: ‎01-19-2013

Re: ClearPass OnGuard - switch requirements

Just curious what your trying to do on the wired side?
Super Contributor II
Posts: 355
Registered: ‎02-22-2011

Re: ClearPass OnGuard - switch requirements

802.1x with 3750's and using the Onguard client to manage a quarantine VLAN.

 

 

Frequent Contributor II
Posts: 122
Registered: ‎01-19-2013

Re: ClearPass OnGuard - switch requirements

We are hoping to get dot1x going. Our environment should be interesting as we have some switches that are 10years old. We have some 3750s too. So you went vlan switching as opposed to L3 ACLs?
Super Contributor II
Posts: 355
Registered: ‎02-22-2011

Re: ClearPass OnGuard - switch requirements

haven't really decided on the overal solution yet, only just got the dot1x working with the NAP agent on Windows.

 

As it happens it doesn't look like you can use the onguard agent in an 802.1x installation. only microsoft NAP.

 

Frequent Contributor II
Posts: 122
Registered: ‎01-19-2013

Re: ClearPass OnGuard - switch requirements

Nice. May I ask if you had to have another server for Microsoft NAP or just the clearpass sever?
Aruba
Posts: 1,542
Registered: ‎06-12-2012

Re: ClearPass OnGuard - switch requirements

[ Edited ]

scottdoorey,

What are you trying to accomplish that you say you can use OnGuard in a .1x environment? I have multiple customers that have OnGuard installed with .1x and its one of the items you are taught how to use in the partner workshops.


Again I know this is a hot topic for everyone out there and we are hoping to have a document soon for public use on how to use on guard. There are a few examples in the CPPM server you just need to click the help link in the top right corner and search for posture.

 

posture.png

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: