Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Is anybody using Clearpass for NAC over Juniper Switches with good success?

  • 1.  Is anybody using Clearpass for NAC over Juniper Switches with good success?

    Posted Feb 26, 2015 09:24 AM

    I am looking to instill some confidence in a University that plans to deploy Clearpass OnGuard for NAC across their Juniper Switch population.  Is anyone doing this with success today?



  • 2.  RE: Is anybody using Clearpass for NAC over Juniper Switches with good success?

    Posted Feb 26, 2015 10:44 AM

    I worked on a project using ClearPass OnGuard with Avaya/Juniper switches. The issue is that those switches don't support the URL redirect if it is required to redirect the user to download the agent or to a remediation page.

     

    What we ended up doing was using the Aruba Controller inline with two VLANs:

    - One VLAN to redirect the user to the download page if using a NON-DOMAIN device

    - A second VLAN to redirect the user when the device wasn't compliant

     

    For this to work you need to have these VLANs untrusted on another unused port and assign an AAA Profile to each VLAN:

    NOTE: These VLANs need to be added all across the infrastructure, so there are a lot of changes that need to be made to make this happen.

    [Three screenshots from "Controller Inline.docx" were attached here.]

     

    There are other ways of doing this with DNS tricks, but I have not used those.