Security

last person joined: 12 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Cluster enforcement profiles

This thread has been viewed 0 times

  • 1.  Cluster enforcement profiles

    Posted Jun 25, 2014 06:22 PM
    Is there a good way to manage different radius return attributes to a controller that will be pointed at 2 clearpass servers. If CPPM01 process request I want to return the logon role that will redirect to CPPM01/guest and if CPPM02 does the request then return logon role for CPPM02/guest. I know I can do this with multiple enforcement rules but I was trying to reduce the rule count.
    Thanks


  • 2.  RE: Cluster enforcement profiles

    EMPLOYEE
    Posted Jun 25, 2014 06:51 PM
    Are the network devices (controllers / switches) all pointed to a specific CP server? You can add attributes to each NAD in the Network Device configuration which you can then use in your enforcement.


  • 3.  RE: Cluster enforcement profiles
    Best Answer

    Posted Jun 25, 2014 08:18 PM
    Yes the one aruba controller is pointed at two CPPM servers. If one goes down I still want to be able to process web-auth requests. Just trying to do it with just a few rules.


  • 4.  RE: Cluster enforcement profiles

    EMPLOYEE
    Posted Jun 25, 2014 08:21 PM
    Both servers can authenticate existing guest users. If the publisher goes down, you would need to promote the subscriber to publisher in order to create NEW guest accounts. The best solution here is to use a virtual IP along with the auto promote publisher feature.