Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

What is the correct way to authorize AP's on a switch.

  • 1.  What is the correct way to authorize AP's on a switch.

    Posted Feb 24, 2018 10:15 PM

    New ClearPass implementation. Need to authenticate APs on an Aruba switch to ensure users don't plug in an AP and create their own wireless network. Ports are set up for 802.1X & MAC authentication. Thought I had everything set up correctly, but when I activated everything, the APs authenticated and were assigned a VLAN, but the wireless clients weren't able to get an IP address and were assigned a deny-all profile. Have several different SSIDs that need different VLANs. These switches are 2530s so I'm assigning a role. Other switches will be 2520s that don't support roles. Haven't been able to find anything showing the proper config for this scenario. Using Ruckus APs, but will also be deploying Aruba APs at a new location soon.


    Thanks.

     



  • 2.  RE: What is the correct way to authorize AP's on a switch.

    Posted Feb 27, 2018 12:46 AM

    In my experience it will depend on whether or not you are using a controller. If you are using a controller, then you can set your switch port to do dot1x and everything will work as expected due to GRE tunneling. If you are using IAPs, then you have no choice but to configure the port as a trunk.

     

    When I was testing doing dot1x with IAPs, the APs could get IPs, and the clients connected to the AP would auth, but an IP was never obtained due to how the work was configured.

     

    I could definitely be wrong, this is just my experience.