Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Wired network protection with Clearpass x Domain

This thread has been viewed 2 times

  • 1.  Wired network protection with Clearpass x Domain

    Posted May 19, 2015 08:22 PM

    I wanna protect my wired network with Clearpass so clients that are not in my domain can't access it. Today this users, guests or BYOD's, when wired connected, can get an IP address and see network stuffs.



  • 2.  RE: Wired network protection with Clearpass x Domain

    EMPLOYEE
    Posted May 19, 2015 08:24 PM

    Wired 802.1X can be very a large project to setup. Are you working with an Aruba Partner?

     

    What kind of switches and what code levels?



  • 3.  RE: Wired network protection with Clearpass x Domain

    Posted May 19, 2015 08:38 PM

    Hi Tim, 

    We have an Aruba partner but i will have their contact in the next days, because the person that have it is out of office.

    I wanna that solution for access switches, like Cisco WS2960. My company is 80% Enterasys and 20% Cisco. 

    Thanks in advance!



  • 4.  RE: Wired network protection with Clearpass x Domain

    Posted May 24, 2015 09:07 AM

    what exactly are you asking for here? you want to know if it is possible or do you want a whole design done?

     

    as Tim already suggests it is something you want to setup with a partner or SE. there are many things to think about and to test before rolling it out through a whole company.

     

    in my experience a proof of concept would be a good first step, get a trial clearpass setup and see if your switches support the needed functionallity. ClearPass can do this easily, but a lot depends on your clients (desktops, printers, ...) and your switches. and then just Cisco and subtype is not enough.

     

    when i look at the 2960 with LAN base firm it seems to support some of the important parts:

    Flexible authentication that supports multiple authentication mechanisms including 802.1X, MAC Authentication Bypass and web authentication using a single, consistent configuration.

    RADIUS Change of Authorization and downloadable calls for comprehensive policy management capabilities.

     

    but again, how well it works will have to be tested.



  • 5.  RE: Wired network protection with Clearpass x Domain

    Posted May 24, 2015 11:42 AM

    Boneyard,

    I wanna know if it is possíble and how difficult it is. I am already in contact with an Aruba partner to start a POC. I believe in some days i will be able to share my experience with you.

    Thank you very much for your reply!

    Regards,

    Marcelo



  • 6.  RE: Wired network protection with Clearpass x Domain

    Posted May 24, 2015 01:54 PM

    that is good to hear Marcelo, in my opinion if you know your limitation then wired dot1x is very possible and ClearPass helps a lot in deploying it.



  • 7.  RE: Wired network protection with Clearpass x Domain

    Posted Nov 11, 2015 11:23 PM

    mrodryguez - did you find a solution.

    I have similar issue I have clearpass managing the wifi in hotel and want to use it to manage the guest access on the wired points in the room



  • 8.  RE: Wired network protection with Clearpass x Domain

    EMPLOYEE
    Posted Nov 12, 2015 01:31 AM

    What specifically do you need assistance with?