MVP
Posts: 1,409
Registered: ‎05-28-2008

Wired Switches of Nortel & HP - can be secured/naced by CPPM? please advise

Hi Guys,

Good morning.

I have a site with CPPM deployed there + an Aruba controller.

My client would like to take advantage of the CPPM in order to do some NAC in front of two different wired switches:

-HP A5500
-Nortel BAYSTACK 5520-48T

 


Can it be done? Are there any config tips? Is it controlled via SNMP? SSH/CLI/Telnet? Please advise.

 

Thanks in advance.

 

Me

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Aruba
Posts: 1,548
Registered: ‎06-12-2012

Re: Wired Switches of Nortel & HP - can be secured/naced by CPPM? please advise

It comes down to what you want to do and what the firmware on the device supports.

 

Typically you want to use .1x. CPPM has the dictionaries already built in; you will just need to enable them (see screenshot).

 

Most devices that were made in the past 5 years or so support 802.1X to MAC auth to captive portal failover. You will need to check the feature list of the firmware on the device.

 

The only issue that I have seen is that the HP switches are very strict on time. If the time on the switch and CPPM is off by just a second it will reject the auth request. In the testing that I have done we ended up turning off the time check on the switch for .1x.

 

dict.png

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
MVP
Posts: 1,409
Registered: ‎05-28-2008

Re: Wired Switches of Nortel & HP - can be secured/naced by CPPM? please advise

Thanks for the info.
Frequent Contributor II
Posts: 184
Registered: ‎04-17-2013

Re: Wired Switches of Nortel & HP - can be secured/naced by CPPM? please advise

Hi,

 

I have an HP 2510-48 switch (ProCurve). I have enabled dot1q on my HP switches and have done the required configuration.

I am getting the correct VLAN attribute from CPPM. RADIUS returns request accept on the switch, but I am still not getting an IP address from DHCP.

Can you send me the required configuration commands for the HP switch and router?

 

Regards,

Nikhil.

Aruba
Posts: 1,548
Registered: ‎06-12-2012

Re: Wired Switches of Nortel

If you're not getting any errors in CPPM then it sounds like you have a routing issue. Do you have an IP on the VLAN?

Unfortunately there are too many different vendors and models for us to have all the commands without having that model and its firmware. You would need to contact HP's support if you can't find the commands by doing a search on the Web.
Thank You,
Troy

Frequent Contributor II
Posts: 184
Registered: ‎04-17-2013

Re: Wired Switches of Nortel

Hi Tarnold,

 

Thank you for your reply...

 

I am getting the user request in CPPM & the correct enforcement profile is assigned.

Yes, I have an IP on the VLAN.

I have configured IP-helper on my router for the CPPM & DHCP server. I also created a DHCP pool on the server.

But I am not getting an IP address on my PC.

 

 

 

Aruba
Posts: 1,548
Registered: ‎06-12-2012

Re: Wired Switches of Nortel

I would run the switch in debug mode and see if there are any errors.
Thank You,
Troy
