Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

I want to do VLAN enforcement based on device category on MAC authentication?

This thread has been viewed 0 times

  • 1.  I want to do VLAN enforcement based on device category on MAC authentication?

    Posted Oct 16, 2015 05:30 PM

    I have created MAC authentication Service for (Printers,IP Phones,Projectors..etc) now the thing is I want to do VLAn enforcmennt based on Device Category for Example:

     

    Printers Shall be in VLAn 20

    IP Phones Shall be in VLAN 30

     

    the thing is in endpoint I see the MAC of the devices but it is not profiled and Enabled profiling the only devices show as profield the PCs with ongaurd agent so what is the solvent for this issue as I want clearpass to profile all devices so I can do this Enforcment?



  • 2.  RE: I want to do VLAN enforcement based on device category on MAC authentication?

    EMPLOYEE
    Posted Oct 16, 2015 05:41 PM

    Do you have DHCP helper addresses on your client subnets pointing to
    ClearPass?

    Also, you'll want to enable profiling in the service for all devices.



  • 3.  RE: I want to do VLAN enforcement based on device category on MAC authentication?

    Posted Oct 16, 2015 06:06 PM

    ady enabled profiling and added the IP helper address on Interface VLANs pointing to Clearpass IP



  • 4.  RE: I want to do VLAN enforcement based on device category on MAC authentication?

    EMPLOYEE
    Posted Oct 16, 2015 06:08 PM
    Do you have CoA enabled? When the device moves from an unknown to profiled
    state, a CoA will be issued to force a reauthentication.