New Contributor
Posts: 2
Registered: ‎03-26-2015

Clearpass Captive Portal with Brocade

Hello All,

We have recently purchased ClearPass and are looking to use it as a replacement for our PacketFence deployment on our wired network. Currently any user who plugs into our Brocade switches gets sent to a registration VLAN where they authenticate to a captive portal. After authentication, the user is switched to another VLAN where they get a new IP address and can access the network. What is the recommended path to do this using ClearPass? For a bonus, we would like to track the user's ID and send that information to our Palo Alto firewall so we can track any connection coming out of this network.

Guru Elite
Posts: 8,444
Registered: ‎09-08-2010

Re: Clearpass Captive Portal with Brocade

Does the switch support native captive portal?

Can you post the model number and code version?


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor
Posts: 2
Registered: ‎03-26-2015

Re: Clearpass Captive Portal with Brocade

They're all ICX6450s and ICX6610s; they don't have a native captive portal.

Frequent Contributor I
Posts: 69
Registered: ‎05-06-2013

Re: Clearpass Captive Portal with Brocade

Hi Alan,

We're not using captive portal on wired but we are doing wired 802.1X with ClearPass. We use Cisco 3850 and 3750E switches and currently have a "profiler" VLAN/subnet set up where devices go if they've never been profiled. Once profiled, CP bounces the port and it goes back through 802.1X auth with MAB (MAC auth bypass) for devices such as IP phones, printers, etc. CP sends a RADIUS CoA message back to the switch to set the interface to a particular VLAN and bounce it, forcing re-auth. One thing you may want to consider instead of using different VLANs/subnets is to use one (or at least consolidate) and send downloadable ACLs to the switch to apply per-port based on the security requirement. We ended up running into issues with VLAN switching that we were able to resolve using the DACL method.

We also have Palo Alto firewalls that are set up and integrated with ClearPass--works well as far as I know, though I haven't spent a lot of time in the PANs lately.

Let me know if I can help at all.

Guru Elite
Posts: 8,444
Registered: ‎09-08-2010

Re: Clearpass Captive Portal with Brocade

Does the switch support destination-NAT?


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480