Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

RFC3576 config question.

This thread has been viewed 2 times

  • 1.  RFC3576 config question.

    Posted Nov 04, 2015 08:22 AM

    Hi,

    I've got a CPPM cluster that we load balance auth requests to from our mobility controllers. Am I right in assuming that I only need to configure an entry for the master publisher Ip address on the controllers as a 3576 capable server given that any CoA commands will be coming from a gui connected to the master publisher?

     

    What do other people do when you've got a load balanced group of clearpass servers and want to mplement CoA ?

    Rgds

    Alex



  • 2.  RE: RFC3576 config question.

    EMPLOYEE
    Posted Nov 04, 2015 08:24 AM
    You should add all of your ClearPass servers as authorized RFC 3576 servers on the controller.


    Thanks,
    Tim


  • 3.  RE: RFC3576 config question.

    Posted Nov 04, 2015 08:35 AM

    Just to complicate matters, I've got eeach cppm VM set up with 2 network interfaces, the management side is set up on 144.32.128.0/23 while the data side is set up on 144.32.126.0/23. Our load balancer load balances auth-requests over the data interfaces i.e. 144.32.126.xxx

     

    Which set of interfaces do I use for the CoA? Data side?

     

    A



  • 4.  RE: RFC3576 config question.

    EMPLOYEE
    Posted Nov 04, 2015 09:10 AM
    In that case, is should be the data side.

    Take a look at this doc:
    https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=14011