New Contributor
Posts: 4
Registered: ‎06-22-2016

Clearpass, vlan on data interface

We want to create multiple VLANs on the Data interface of a ClearPass. However, not much information can be found on this.

The setup we want to achieve is use the management interface for management ONLY.

The data interface for

1. vlan A for guest portal

2. vlan B for controller traffic

Where can I find information about how the system works with VLANs on a physical interface and how the routing will be built by the system? As well, whether the physical interface requires an IP address in such a case or not, and how the master/slave and virtual addresses can be built.

Moderator
Posts: 470
Registered: ‎11-09-2012

Re: Clearpass, vlan on data interface

The creation of VLANs is a two-step process....

 

1. create the vlans in the UI under 

 

ClearPass_Policy_Manager_-_Aruba_Networks.jpg

 

then under the CLI [login with appadmin].... you need to add the route for the VLANs......

 

HTH


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
New Contributor
Posts: 4
Registered: ‎06-22-2016

Re: Clearpass, vlan on data interface

Thanks, but do I need to put an IP on the physical interface?

This would mean that the IP on the physical interface basically goes untagged on the network cable.

 

Second question: if we would put, for example, a guest network on that VLAN, directly connected, I guess no route is needed? Is the ClearPass doing IP forwarding between the VLANs? Meaning, can it be 'abused' as a router? The goal is to put a guest portal on a separate VLAN, without giving the possibility to break out of that guest network through the ClearPass.

Moderator
Posts: 470
Registered: ‎11-09-2012

Re: Clearpass, vlan on data interface

There is a dependency to have an IP address on the physical interface.

 

Directly connected should be good, basic IP routing there.

 

I 'think', but will check, we DO NOT allow IP forwarding between VLANs.


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

New Contributor
Posts: 4
Registered: ‎06-22-2016

Re: Clearpass, vlan on data interface

So the physical interface will put data on the cable untagged (without a VLAN tag), and the VLAN addition with another IP will put traffic on the wire with a VLAN tag. Is that assumption correct?

I'm interested to hear about the routing: whether the same route table is used for the physical interface and the VLAN interface, or whether they are different.

Moderator
Posts: 470
Registered: ‎11-09-2012

Re: Clearpass, vlan on data interface

Correct re VLAN tags.

 

I've been out of the office for the last few days. I will speak to DEV next week when I'm back in the office. If I don't get back to you... ping me to remind me.......

 

djump@hpe.com

 

Cheers


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass
