Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Remediation Vlan - Out of the box PC

  • 1.  Remediation Vlan - Out of the box PC

    Posted Jun 20, 2017 08:24 AM

    Hi All,

    Facts:

    1. Regular network VLAN - permitted by 802.1X and machine certificate

    2. Remediation VLAN - all devices that fail go to this VLAN (including MACs that do not exist in the database)

     

    We created this remediation VLAN in order to drop all devices that can't authenticate with 802.1X or MAC address. It's working great, but we have a small issue with out-of-the-box PCs that need to get an image with PXE. In order for the PC to get an IP address, I need to change its status to known, and then I can start the image process.

     

    My question is this: can this process be automated, without human intervention? Can ClearPass identify by a set of rules that the PC is going into the PXE process?

     

    Thank you

    Shmulik Mazor

     

     



  • 2.  RE: Remediation Vlan - Out of the box PC

    EMPLOYEE
    Posted Jun 20, 2017 09:07 AM
    Just use Allow All MAC Auth to drop any machine that doesn’t use 802.1X into the remediation VLAN.


  • 3.  RE: Remediation Vlan - Out of the box PC

    Posted Jun 20, 2017 01:24 PM

    Our remediation VLAN is limited to some servers in order to let new/old PCs install a new image.

     

    Everything that does not authenticate with 802.1X drops to that VLAN (not only computers), so I'm guessing that allowing them to get onto the network is not an option without approving them.

     

    Maybe our approach is not correct?

     

    Thank you