Security

Reply
Highlighted
Guru Elite

ClearPass Solution Guide: Wired Policy Enforcement

Team Aruba,

 

We’re happy to announce an update to the new ClearPass Solutions Guide for Wired Policy Enforcement. This update (version 2017-02) adds ArubaOS-Switch 16.04 features: Downloadable User Roles and Per-User Tunneled-Node.

 

This document now covers the following topics:

  • Wired enforcement options and technologies
  • ArubaOS-Switch configurations
    • Colorless port: 802.1X, MAC Auth, Captive Portal with local and downloadable user roles
    • OnConnect
    • Per-Port Tunneled Node
    • Per-User Tunneled Node
  • Comware 7 configuration
    • Colorless port: 802.1X, MAC Auth, Captive Portal
  • Cisco IOS 12.x/15.x (IBNS 1.0) configuration
    • Colorless port: 802.1X, MAC Auth, Captive Portal
    • OnConnect

 

Document Link (v2017-02): ClearPass_Solution-Guide_Wired-Policy-Enforcement_v2017-02.pdf

 

Future releases to include: 

  • Cisco IOS-XE 'Denali' (16.x) with IBNS 2.0
  • Juniper EX

Enjoy

 

- Aruba Security Team


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
TQ
Occasional Contributor I

Re: ClearPass Solutions Guide: Wired Policy Enforcement

Thank you very much for this guide.

So i can use this guide to use cisco switch and CPPM for wired guest captive portal services?

 

Cisco switch: Catalyst 3560-CX series (version: 15.2(4)E2)

CPPM: running on VM using trial license (90 days)

 

Cheers

Tariq

Guru Elite

Re: ClearPass Solutions Guide: Wired Policy Enforcement

Yes.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: ClearPass Solutions Guide: Wired Policy Enforcement

Hi, Tim 

 

Great doccument.

Question you tested with the 5510_HI_7.10.R1308. 

Is the COA already supported here (5510 HI)?

I really need this.

 

 

----------------------------------------------------------------------------------------
Aruba ACCX #749, ACDX #793, ACMP, ACEAP | HPE Master AS

contact: thierry.lubbers@axez.nl
Guru Elite

Re: ClearPass Solutions Guide: Wired Policy Enforcement

Yes, as mentioned in the doc:

 

This configuration has been tested on the HPE 5130EI, 5130HI and 5510HI.

The minimum versions of  Comware 7 required for this configuration are:

5130_EI_7.10.R3113P02

5130_HI_7.10.R1308
• 5510_HI_7.10.R1308


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
TQ
Occasional Contributor I

Re: ClearPass Solutions Guide: Wired Policy Enforcement

Thanks,

 

In document it says:

"Configuring a self-registration workflow in Guest is outside the scope of the document"

 

Can I get a link to above so that I can complete rest of configuration?

Guru Elite

Re: ClearPass Solutions Guide: Wired Policy Enforcement

TQ
Occasional Contributor I

Re: ClearPass Solutions Guide: Wired Policy Enforcement

Thanks Tim,

I followed this guide for CleasPass:Web Authentication section and configured my test CPPM as such. I configured guest page and Cisco switch.

 

I am getting below error:

===

Error Code:

204

Error Category:

Authentication failure

Error Message:

Failed to classify request to service

 Alerts for this Request  

RADIUSService Categorization failed
Guru Elite

Re: ClearPass Solutions Guide: Wired Policy Enforcement

Did you configure the Guest side?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
TQ
Occasional Contributor I

Re: ClearPass Solutions Guide: Wired Policy Enforcement

yes I did, not sure if I have missed something. 

I followed link you posted for guest configuration.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: