Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Wired Switches of Nortel & HP - can be secured/naced by CPPM? please advise

  • 1.  Wired Switches of Nortel & HP - can be secured/naced by CPPM? please advise

    Posted Jul 14, 2013 02:12 AM

    Hi Guys,

    Good morning.

    I have a site with CPPM deployed there + Aruba controller.

    My client would like to take advantage of the CPPM in order to do some NAC in front of two different wired switches:

    -HP A5500
    -Nortel BAYSTACK 5520-48T

     


    Can it be done? Are there any config tips? Is it controlled via SNMP? SSH/CLI/TELNET? Please advise.

     

    Thanks in advance.

     

    Me



  • 2.  RE: Wired Switches of Nortel & HP - can be secured/naced by CPPM? please advise

    EMPLOYEE
    Posted Jul 15, 2013 05:35 PM

    It comes down to what you want to do and what the firmware on the device supports.

     

    Typically you want to use .1x. CPPM has the dictionaries already built in; you will just need to enable them (see screenshot).

     

    Most devices that were made in the past 5 years or so support 802.1X to MAC auth to captive portal failover. You will need to check the feature list of the firmware on the device.

     

    The only issue that I have seen is that the HP switches are very strict on time. If the time on the switch and CPPM is off by just a second it will reject the auth request. In the testing that I have done we ended up turning off the time check on the switch for .1x.

     

    dict.png



  • 3.  RE: Wired Switches of Nortel & HP - can be secured/naced by CPPM? please advise

    Posted Jul 16, 2013 05:09 AM
    Thanks for the info.


  • 4.  RE: Wired Switches of Nortel & HP - can be secured/naced by CPPM? please advise

    Posted Dec 20, 2013 08:42 AM

    Hi,

     

    I have an HP 2510-48 switch (ProCurve). I have enabled dot1q on my HP switches and have done the required configuration.

    I am getting the correct VLAN attribute from CPPM. RADIUS returns request accept on the switch, but I am still not getting an IP address from DHCP.

    Can you send me the required configuration commands for the HP switch and router?

     

    Regards,

    Nikhil.



  • 5.  RE: Wired Switches of Nortel & HP - can be secured/naced by CPPM? please advise

    EMPLOYEE
    Posted Dec 20, 2013 08:59 AM
    If you're not getting any errors in CPPM then it sounds like you have a routing issue. Do you have an IP on the VLAN?

    Unfortunately there are too many different vendors and models for us to have all the commands without having that model and its firmware. You would need to contact HP's support if you can't find the commands by doing a search on the Web.


  • 6.  RE: Wired Switches of Nortel & HP - can be secured/naced by CPPM? please advise

    Posted Dec 20, 2013 09:37 AM

    Hi Tarnold,

     

    Thank you for your reply...

    I am getting the user request in CPPM & it is assigned the correct enforcement profile.

    Yes, I have an IP on the VLAN.

    I have configured IP-helper on my router for CPPM & DHCP server. I also created a DHCP pool on the server.

    But I am not getting an IP address on my PC.

     

     

     



  • 7.  RE: Wired Switches of Nortel & HP - can be secured/naced by CPPM? please advise

    EMPLOYEE
    Posted Dec 20, 2013 09:39 AM
    I would run the switch in debug mode and see if there are any errors.