Security

Reply
Frequent Contributor II

How to limit bandwidth in 802.1X with CPPM

Hi community,

 

This seems to be a basic question but I don't know how to do it with CPPM. I tried to look at Aruba-defined Radius attributes but can't find anything related to QoS. Could you please share some tips / guideline on how to implement QoS (or at least limit bandwidth) in 802.1X with CPPM?

 

Thank you,

Guru Elite

Re: How to limit bandwidth in 802.1X with CPPM

It's done on the controller in the user role.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor II

Re: How to limit bandwidth in 802.1X with CPPM

Hi Tim,

 

I'm configuring the controller to download roles from CPPM, and it seems that only session ACL works with downloadable roles. Do I have to give up this feature and use locally-defined roles on controller instead?

 

Thank you,

Guru Elite

Re: How to limit bandwidth in 802.1X with CPPM

Can you please provide an example from the controller side of what you're trying to use with downloadable user roles?

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor II

Re: How to limit bandwidth in 802.1X with CPPM

I'm using downloadable roles to send back ACL definition (which defines default internal tools that users are authorized to access) to the controller. Another requirement is that each user should be limited to 20M of bandwidth. I tried using policer profile in downloadable roles (available in CPPM configuration) but the controller always complained "unsupported keyword" when it encounters cir command received from CPPM. So I guess only session ACL currently works with downloadable roles.

 

If I want to satisfy the requirement of 20M of bandwidth per user, I think the only way to do it is to define role locally on the controller, as you have mentioned. Downloadable roles and locally defined role probably cannot work and complement each other. Or am I missing something?

 

Thank you,

 

 

Guru Elite

Re: How to limit bandwidth in 802.1X with CPPM

It is not available in the UI mode (Standard Mode) but you can use Advanced Mode in the DUR enforcement profile to define this configuration.


Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor II

Re: How to limit bandwidth in 802.1X with CPPM

Well, that's exactly what I did. The following configuration was generated:

 

policer-profile abc
    cbs 5
    cir 5
    ebs 10
    exceed-action permit
    violate-action drop
!
user-role cppmrole
    policer-profile abc
!

 

But from the log messages on the controller, it complained that cir and ebs are unsupported keywords when it attempts to download role from CPPM. I'm running ArubaOS 8.2 on the controller.

 

Thank you,

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: