Security

Reply
Moderator
Posts: 458
Registered: ‎11-09-2012

New TechNote on ClearPass and HP ProVision (ProCurve) Integration

 I’ve written a NEW TechNote covering some of the integration possible between CPPM and the HP Provision switches (commonly refereed to as ProCurve). The TechNote at this juncture is not as complete as we’d like but due to some other commitments we wanted to share with you what we have, its not as polished as normal but like I said we wanted to share what we had sooner rather than later. I expect this doc will go through multiple revisions over then next couple of months as we add new content, update what we know, correct what we have.  

 
 
You can find the document on the support site ClearPass and ProCurve Integration TechNote V1
 
 
 
Happy reading – go fill your boots..!!….. comments and feedback/suggestions graciously accepted.

Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
MVP
Posts: 130
Registered: ‎06-11-2013

Re: New TechNote on ClearPass and HP ProVision (ProCurve) Integration

Nice! Thanks for setting this up :)

 

We have done a number of HP ProCurve & ClearPass 802.1X/MAC auth (NAC) deployments; for us this Wiki-page from FreeRADIUS has been really useful: http://wiki.freeradius.org/vendor/HP

 

In your document you have been using the 2920 switches; you should really be testing multiple branches of the ProCurve-line because in our experience the 802.1X/MAC-auth behavior is NOT consistent.

 

One thing I'm missing in your document is the usage of RFC4675; "Egress-VLANID"; most recent ProCurve switches support this RFC which enables you to use dynamic VLAN assignment with *tagged* VLAN's. Very useful to use with VoIP-phones etc. This is described in the FreeRADIUS wiki-page. Drop me a message if you want an example ClearPass-config for this.

 

A document describing integration with H3C switches would be very useful as well. We have been running into issues with 802.1X/MAC auth/CoA on H3C switches, the implementation seems quite poor in comparision to ProCurve.

 


ACMX#255 | ACMP | ACCP | AWMP
www.securelink.nl
Moderator
Posts: 458
Registered: ‎11-09-2012

Re: New TechNote on ClearPass and HP ProVision (ProCurve) Integration

Hi Arjan,

 

In reverse, we have just started to work on H3C comware products and will get some thing out soon. As I said in my doc this posted version is not complete but I just wanted to get a start on things to the field. We are also aware of some nuances with H3C and we are engaging there DEV/Support team to better understand these issues.

 

Yes, please send me what you have on tagged vlans, and we can look at adding this in a V2 update later this month.

 

 


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
New Contributor
Posts: 3
Registered: ‎08-18-2015

Re: New TechNote on ClearPass and HP ProVision (ProCurve) Integration

Has the Comware guide been released?  I'm not finding anything.

Moderator
Posts: 458
Registered: ‎11-09-2012

Re: New TechNote on ClearPass and HP ProVision (ProCurve) Integration

Derek,

 

Its not done I'm afraid. I'd been waiting for the V5/V7 code changes to be delivered with the CoA support. This is mainly out now but I've just not got to it with a lot of focus recently on our up-comming 6.6 release plus some other large internal projects.

 

Is their any specific you want?


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
New Contributor
Posts: 3
Registered: ‎08-18-2015

Re: New TechNote on ClearPass and HP ProVision (ProCurve) Integration

I've been using ClearPass with ProVision switches successfully, but am moving our core to Comware and having some issues getting the return attribute(s) right. I'm finding people who get it working with conflicting configurations.




Derek Kuhr
IT Infrastructure Engineer, Think Whole Person Healthcare




T. 402-670-7242
derek.kuhr@thinkhealthcare.org
www.thinkhealthcare.org

IMPORTANT WARNING: This message is intended for the use of the person or entity to which it is addressed and may contain information that is confidential or privileged, the disclosure of which is governed by applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this information is strictly prohibited. If you have received this message by error, please notify us immediately by replying to this email and delete and destroy the related message.
Occasional Contributor II
Posts: 12
Registered: ‎02-23-2015

Re: New TechNote on ClearPass and HP ProVision (ProCurve) Integration

Thanks.

 

before i read it, just making sure v2 hasnt been released? This is still the latest version of the doc??

 

Regards

 

Mike

Moderator
Posts: 458
Registered: ‎11-09-2012

Re: New TechNote on ClearPass and HP ProVision (ProCurve) Integration

Mike,

 

I have a V2 in progress but no ready to be pubushed yet...... so your good to read the V1.


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Occasional Contributor II
Posts: 12
Registered: ‎02-23-2015

Re: New TechNote on ClearPass and HP ProVision (ProCurve) Integration

Hi Danny,

 

Are you aware of any guides/information for the new HPE (provision) "Captive portal for Clearpass" feature released in the new version 16 of HPE code?

 

Configururing the switch was easy and works fine, but i cant get clearpass policy to work for the guest authentication request from the clearpass login page :(

 

Regards

 

Mike

 

 

 

 

 

 

 

Moderator
Posts: 458
Registered: ‎11-09-2012

Re: New TechNote on ClearPass and HP ProVision (ProCurve) Integration

Ding..... I was planning on working on this THIS WEEK to add to the existing DOC and getting it out to the field.... events overtook me and I've been slammed from right-field..... hence why I'm still working 11:30PM PST :-(

 

Next week I'll hopefully get it done..... hopefully.....!!!!


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: