Security

Reply
New Contributor

Endpoint Profiling IAPs

Has anybody successfully been able to profile IAP's using a seperate management VLAN and user VLAN using a  MAC Auth service?

 

I am able to profile the IAP and return an enforcement profile using a MAC Auth service that will untag the port for management and tag the port for user traffic. The problem comes when clients associate to the SSID.  They successfully perform Radius authentication however when traffic reaches the port on the switch they are sent to the MAC Auth service and to the default enforcement profile associated with it.

 

I opened at TAC case with a Clearpass Engineer who also brought a Switch Enginner in on the call but so far we have been unable to resolve this.  I also engaged a few Aruba SE's but they also have no Ideas so I am hoping that somebody has done this and can let me know how they were able to over come this issue.

 

 

 

Scott Jamison
Guru Elite

Re: Endpoint Profiling IAPs

You need to use the Port Auth Mode VSA to change the interface to port based for the IAP authentication.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor

Re: Endpoint Profiling IAPs

That worked great.  Thanks for the help and quick response.

Scott Jamison
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: