Security

last person joined: 10 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass wired 802.1x use local vlan on switch?

This thread has been viewed 1 times

  • 1.  ClearPass wired 802.1x use local vlan on switch?

    Posted Feb 27, 2018 01:17 PM

    After reviewing the ClearPass 802.1x wired template, it looks like to implement 802.1x we must assign a vlan to a user once they authenticate.  In most configuration guides, this is called a dACL.  For example (https://community.arubanetworks.com/aruba/attachments/aruba/tkb@tkb/223/1/Cisco%20Switch%20Setup%20with%20CPPM-v1.2.pdf) indicates this behavior under the Section 3 802.1x Service Setup.

     

    I would like to have users authenticate with 802.1x wired, but use the vlans that are already assigned on the port.  Is this possible?



  • 2.  RE: ClearPass wired 802.1x use local vlan on switch?

    EMPLOYEE
    Posted Feb 27, 2018 01:21 PM
    Yes, just send back an accept.


  • 3.  RE: ClearPass wired 802.1x use local vlan on switch?

    Posted Feb 27, 2018 01:24 PM

    Can you point me to a guide that details how to do that with an enforcement policy?

     

    2018-02-27-sea-policy.PNG

    Is there an option above that I should be sending back specifically?



  • 4.  RE: ClearPass wired 802.1x use local vlan on switch?
    Best Answer

    EMPLOYEE
    Posted Feb 27, 2018 01:26 PM
    Use the pre-built [Allow Access Profile] which just returns an ACCESS-ACCEPT.


  • 5.  RE: ClearPass wired 802.1x use local vlan on switch?

    Posted Feb 28, 2018 05:21 PM

    Thank you! This worked great.