Clearpass with 802.1x, and endpoint profiling of ip-phones Aruba Switch.

  • 1.  Clearpass with 802.1x, and endpoint profiling of ip-phones Aruba Switch.

    Posted Mar 24, 2015 03:35 AM

    Hi!

    My colleague and I are very new to Aruba, and especially ClearPass, and we are struggling with a configuration for our very first Aruba/ClearPass customer.

    We have gotten 802.1X and the guest portal to work on wireless, and it looks like we have gotten 802.1X to work on the wired side as well. However, we are struggling to get the endpoint profiling and authentication to work with what should be IP phones, which are being connected to Aruba switches.

    We have tried to create a service/profile that allows IP phones in, and a service/profile that should give it only DHCP and the variable to update it to a known device, but it still doesn't seem to work.

    I've tried to google and browse through these forums, but I am struggling to find the information I am looking for.

    If anyone has some really good tips or guides, I would really appreciate it, as we have a deadline coming up very soon.

     

    Best regards
    -Sindre



  • 2.  RE: Clearpass with 802.1x, and endpoint profiling of ip-phones Aruba Switch.

    Posted Mar 24, 2015 06:30 AM

    Hi,

    As you mentioned that you are very new to CPPM and your deadline is approaching, I would suggest you open a ticket with TAC. Your issue seems to be configuration related and will be solved quickly if you work with TAC.



  • 3.  RE: Clearpass with 802.1x, and endpoint profiling of ip-phones Aruba Switch.

    Posted Mar 24, 2015 07:26 AM
    - Did you add the ClearPass IP address as a DHCP IP helper under that VLAN?
    - Do you have the endpoint repository as an authorization source on your service?
    - Then enable endpoint profiling on your service.
    - And finally, add a rule at the end of your enforcement policy that gives a session timeout long enough to allow the phones to get DHCP on the dead-end VLAN. Once the session expires, the device reauths, and by then you will have the right device category.
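
The two-pass flow described in the last reply, as an added example that is not part of the thread and is not ClearPass code: a simplified Python model of a first-match enforcement policy whose catch-all rule returns a dead-end VLAN with a short session timeout. The VLAN IDs, timeout, MAC address, the "VoIP Phone" category string and the use of `Termination-Action` are assumptions made for illustration.

```python
# Simplified model of the flow; not ClearPass code. VLAN IDs, the timeout,
# the MAC and the "VoIP Phone" category string are constructed values.
DEAD_END_VLAN, VOICE_VLAN, PROFILING_TIMEOUT = "999", "20", 120

endpoint_repo = {}  # MAC -> category; stands in for the endpoint repository


def on_relayed_dhcp(mac, category):
    """The switch's IP helper relays a copy of the phone's DHCP request to the
    profiler, which records a category (classification itself is not modelled)."""
    endpoint_repo[mac] = category


def enforce(mac):
    """Evaluate the enforcement rules top-down; the first match wins."""
    category = endpoint_repo.get(mac)  # authorization source lookup
    rules = [
        (lambda c: c == "VoIP Phone",
         {"Tunnel-Private-Group-Id": VOICE_VLAN}),
        # Catch-all, placed last: dead-end VLAN plus a short session so the
        # device re-authenticates after profiling has had time to run.
        (lambda c: True,
         {"Tunnel-Private-Group-Id": DEAD_END_VLAN,
          "Session-Timeout": PROFILING_TIMEOUT,
          "Termination-Action": "RADIUS-Request"}),  # assumed: reauth on expiry
    ]
    for matches, attrs in rules:
        if matches(category):
            return dict(attrs)


def simulate(mac):
    """Return the attributes sent on the first auth and on the reauth."""
    first = enforce(mac)                 # unknown device hits the catch-all
    on_relayed_dhcp(mac, "VoIP Phone")   # DHCP seen while in the dead-end VLAN
    second = enforce(mac)                # reauth once Session-Timeout expires
    return first, second


if __name__ == "__main__":
    results = simulate("00:11:22:33:44:55")
    for label, attrs in zip(("first auth", "reauth"), results):
        print(label, attrs)
```

If the catch-all rule were placed above the category rule, the reauth would match it again and the phone would never leave the dead-end VLAN.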