Security

Reply
Occasional Contributor I

Re: ClearPass Solutions Guide: Wired Policy Enforcement

I have a question about profiling e.g. DHCP finger printing. Does the IP helper address needs to be set up on each and every single edge switch or just the core/distribution switch? For example if I want to set up a deadend VLAN for profiling, does this VLAN need to be L3 (I would assume so)? But does that also mean this VLAN need to be L3 on each (downstream) edge switch or L2 would work?

 

Guru Elite

Re: ClearPass Solutions Guide: Wired Policy Enforcement

Generally it would be added to the client's gateway interface. In an L2 environment, that's commonly at the distribution layer. In an L3 environment, it's at the edge switch.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite

Re: ClearPass Solutions Guide: Wired Policy Enforcement

Team,

 

This document has been updated (v2017-02) to include the new ArubaOS-Switch 16.04 features: Downloadable User Roles and Per-User Tunneled-Node.

 

The original post at the top has been updated.

 

Enjoy!


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: