Security

Reply
Aruba Employee
Posts: 1
Registered: ‎10-31-2013

Is anybody using Clearpass for NAC over Juniper Switches with good success?

I am looking to instill some confidence in a University that plans to deploy Clearpass OnGuard for NAC across their Juniper Switch population.  Is anyone doing this with success today?

MVP
Posts: 4,301
Registered: ‎07-20-2011

Re: Is anybody using Clearpass for NAC over Juniper Switches with good success?

I worked on a project using ClearPass Onguard with Avaya/Juniper switches, the issue is that those switches dont support that URL redirect if it is required to redirect the user to download the agent or to a remediation page .

 

What we end up doing was using the Aruba Controller inline using two VLANs :

- One VLAN to redirect the user to download page if using a NON-DOMAIN devices 

- Second VLAN to redirect the user when the device wasn't compliant 

 

For this to work you need to have these VLANs untrusted on another unused port and assigned a AAA Profile to each VLAN :

NOTE: These VLANs need to added all accros the infrastructure , so there's a lot of changes that need to made to make this happen

2015-02-26 10_40_14-Controller Inline.docx - Microsoft Word.png

2015-02-26 10_41_17-Controller Inline.docx - Microsoft Word.png

2015-02-26 10_40_27-Controller Inline.docx - Microsoft Word.png

 

There's other ways of doing this with DNS tricks but I have not use those.

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
Showing results for 
Search instead for 
Did you mean: