Security

Reply
Occasional Contributor I
Posts: 5
Registered: ‎04-10-2017

Re: ClearPass Solutions Guide: Wired Policy Enforcement

I have a question about profiling e.g. DHCP finger printing. Does the IP helper address needs to be set up on each and every single edge switch or just the core/distribution switch? For example if I want to set up a deadend VLAN for profiling, does this VLAN need to be L3 (I would assume so)? But does that also mean this VLAN need to be L3 on each (downstream) edge switch or L2 would work?

 

Highlighted
Guru Elite
Posts: 8,759
Registered: ‎09-08-2010

Re: ClearPass Solutions Guide: Wired Policy Enforcement

Generally it would be added to the client's gateway interface. In an L2 environment, that's commonly at the distribution layer. In an L3 environment, it's at the edge switch.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: