Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

clearpass configuration for Wired 802.1X authentication with Alcatel switch

  • 1.  clearpass configuration for Wired 802.1X authentication with Alcatel switch

    Posted Aug 17, 2017 09:15 AM

    Hi,

    I am now working on implementing Aruba ClearPass with an Alcatel switch.

    Earlier we had done all the configs using FreeRADIUS software.

    I need to keep my old RADIUS server as the authentication source, but want to pass the authentication control from FreeRADIUS to Aruba ClearPass.

    I have referred to the video mentioned below:

    https://www.youtube.com/watch?v=GWgfHCkDHMM

    I believe the above-mentioned YouTube tutorial was dedicated to the dynamic VLAN scenario, but I need the configuration for the static VLAN scenario.

    I am attaching my configurations done in the authentication server...

    ###########################################

    Authentication server IP: 135.249.47.251

    key: alcatel123

    o/p of client.conf file in radius server

    ++++++++++++++++++++++++++++++

    [root@pc-012 raddb]# cat clients.conf

    client 135.249.41.194{
    secret = alcatel123
    login = polclient1
    shortname = private-network-1
    }

    o/p of supplicant.conf file

    +++++++++++++++++++++++++++++

    auth_period = 150
    network_list = all
    identity = poluser3
    default_netname = default
    allow_types = all
    eap-md5 {
    username = poluser3
    password = "1234567"
    }

    o/p of users file from radius server

    +++++++++++++++++++++++++++++++++++

    [root@pc-012 raddb]# pwd
    /usr/local/etc/raddb
    [root@pc-012 raddb]# !cat
    cat users
    # Fall-Through = Yes
    #####Radius Auth CLI Users
    poluser1 Cleartext-Password := "password1!"

    SUPERUSER Cleartext-Password := "POL#150"

    ---------------------------------------------------
    # On no match, the user is denied access.
    peersheik Cleartext-Password := "1234567"
    Service-Type = Framed-User,
    Framed-IP-Address = 135.249.41.194,
    Framed-IP-Netmask = 255.255.255.0,
    Framed-MTU = 1500,
    # Session-Timeout = 40

    --------------------------------------------------

    ---------------------------------------------------
    # On no match, the user is denied access.
    polclient1 Cleartext-Password := "1234567"
    Service-Type = Framed-User,
    Framed-IP-Address = 135.249.41.194,
    Framed-IP-Netmask = 255.255.255.0,
    Framed-MTU = 1500,
    # Session-Timeout = 40

    --------------------------------------------------
    ---------------------------------------------------

     

    Configurations done in switch (authentication client): 135.249.41.194

    ###############################

    configure system security radius auth-server RADAuthServ1 router-instance base ip-address 135.249.47.251 secret plain:alcatel123 timeout-limit 5
    configure system security radius acc-server RADAccServ1 router-instance base ip-address 135.249.47.251 secret plain:alcatel123
    configure system security radius dyn-auth-client RADAuthServ1 router-instance base ip-address 135.249.47.251 secret plain:alcatel123
    configure system security radius policy RADPol23 nas-id MyNASID nas-ip-address 135.249.41.194
    configure system security radius policy RADPol23 servers 2 auth-server name:RADAuthServ1 auth-router-inst base priority 162 acc-server name:RADAccServ1
    configure system security domain alcatel.com authenticator radius:RADPol23
    configure system security conn-profile Profile_1 version 1 domain-name alcatel.com reject-inv-domain
    configure system security conn-policy conn-profile-name Profile_1
    configure system security pae port-access

     

    ClearPass server details:

    ###############################

    Management port IP address -> 135.249.43.111/24

    Data/External Port->



  • 2.  RE: clearpass configuration for Wired 802.1X authentication with Alcatel switch

    EMPLOYEE
    Posted Aug 17, 2017 09:22 AM

    Did you take a look at this solution guide? It doesn't directly cover Alcatel switches, but the ClearPass side is likely similar to some of the other vendors.

     

    http://community.arubanetworks.com/t5/Security/ClearPass-Solution-Guide-Wired-Policy-Enforcement/td-p/298161



  • 3.  RE: clearpass configuration for Wired 802.1X authentication with Alcatel switch

    Posted Aug 17, 2017 09:42 AM

    I will look into the doc and will try to do all possible configurations.