Regular Contributor I
Posts: 184
Registered: ‎03-22-2013

Wired .1x cisco switch and cppm - q's about knowledgebase article

Am following this guide to test .1x on the wired network...

 

http://community.arubanetworks.com/t5/tkb/articleprintpage/tkb-id/AAANACGuestAccessBYOD/article-id/283

 

Was using a 3750, so was able to use the same commands as highlighted; however, there are no details on what the IPs that are used actually refer to...

 

Reading through the guide, I've assumed the following:

 

10.30.156.130 is the AD Server

10.30.156.132 is the Cisco Switch

 

But can't figure out what this actually refers to as there is no other reference to it in the article... I would have assumed the AAA server would have been the RADIUS server, i.e., CPPM...

 

Next we need to add a AAA server for dynamic authorization. Here’s how we do that:

Cisco-3750-Lab(config)# aaa server radius dynamic-author
Cisco-3750-Lab(config-locsvr-da-radius)# client 10.30.156.119 server-key aruba123
Cisco-3750-Lab(config-locsvr-da-radius)# port 3799
Cisco-3750-Lab(config-locsvr-da-radius)# auth-type all
Cisco-3750-Lab(config-locsvr-da-radius)# exit
Cisco-3750-Lab(config)#
 
 
 
Aruba
Posts: 1,642
Registered: ‎04-13-2009

Re: Wired .1x cisco switch and cppm - q's about knowledgebase article

In that example, there are 3 IP addresses; they should refer to the following. Also consider looking at the Aruba Solution Exchange entry for Cisco Wired 802.1X

 

  • 10.30.156.119 - ClearPass Policy Manager (RADIUS Server)
  • 10.30.156.130 - AD Domain Controller (Authentication Source for CPPM)
  • 10.30.156.132 - Cisco switch (RADIUS Client)

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Regular Contributor I
Posts: 184
Registered: ‎03-22-2013

Re: Wired .1x cisco switch and cppm - q's about knowledgebase article

Thanks.. I did think that, but seeing the term "client" in the code, I assumed it may have been the switch IP, rather than it actually meaning the server.

 

I'll give that a go.. and thanks for the link!

 

Cheers

 

 

Aruba
Posts: 1,642
Registered: ‎04-13-2009

Re: Wired .1x cisco switch and cppm - q's about knowledgebase article

In that part of the config, it is setting the Change of Authorization (CoA) configuration on the Cisco switch; so in essence CPPM is the client to the switch for CoA.


Taken from Cisco docs:

 

aaa server radius dynamic-author

Enters dynamic authorization local server configuration mode and specifies a RADIUS client from which a device accepts Change of Authorization (CoA) and disconnect requests. Configures the device as a AAA server to facilitate interaction with an external policy server.

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX
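
The role reversal discussed in this thread, as an added example (not from the KB article, Cisco or Aruba): a simplified Python model of the check a dynamic-author server makes before acting on a CoA request, following the RFC 5176 Request Authenticator calculation. The function names, the `DAC_CLIENTS` table and the sample Calling-Station-Id are assumptions made for illustration; the IP addresses and key are the ones quoted above.

```python
import hashlib
import hmac
import struct

DISCONNECT_REQUEST, COA_REQUEST = 40, 43      # RFC 5176 packet codes
# Mirrors "client 10.30.156.119 server-key aruba123" from the thread:
# the switch only accepts dynamic-author requests from this client.
DAC_CLIENTS = {"10.30.156.119": b"aruba123"}

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_request(code: int, ident: int, attrs: bytes, secret: bytes) -> bytes:
    """What the CoA client (CPPM in the thread) sends to UDP 3799."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    # Request Authenticator = MD5(header + 16 zero octets + attrs + secret)
    auth = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + auth + attrs

def switch_accepts(src_ip: str, packet: bytes) -> bool:
    """Model of the switch-side check before a CoA is acted on."""
    secret = DAC_CLIENTS.get(src_ip)
    if secret is None or len(packet) < 20:
        return False                          # unknown client or runt packet
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code not in (DISCONNECT_REQUEST, COA_REQUEST) or length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

# Constructed sample: Calling-Station-Id (attribute 31) of a made-up endpoint.
SAMPLE_ATTRS = attr(31, b"00-11-22-33-44-55")

if __name__ == "__main__":
    good = build_request(COA_REQUEST, 1, SAMPLE_ATTRS, b"aruba123")
    print("from CPPM, right key :", switch_accepts("10.30.156.119", good))
    print("from AD server IP    :", switch_accepts("10.30.156.130", good))
    bad = build_request(COA_REQUEST, 1, SAMPLE_ATTRS, b"wrong-key")
    print("from CPPM, wrong key :", switch_accepts("10.30.156.119", bad))
```

The same shared key must be entered on the ClearPass side for the switch, since both ends feed it into the MD5 calculation.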
