Security

Occasional Contributor II

ClearPass OnGuard agent communication through Cisco wired dot1x

Hello,

We have 3 ClearPass servers, and we are deploying wired dot1x with Cisco switches.

All workstations are out of the domain, and there are 2k end devices.

We can't install OnGuard through GPO because they are out of the domain.

We are redirecting them to the weblogin page to download OnGuard, and once it runs it bounces the network and rechecks whether it is healthy or not.

We are redirecting clients to cppm1, and the end user downloads the OnGuard agent from cppm1.

We have added all CPPM IPs in the cluster, so it has to check the available server to establish a connection for OnGuard.

We created the access list below on the Cisco switch:

deny tcp any host "cppm1 ip"

deny tcp any host "cppm2 ip"

deny tcp any host "cppm3 ip"

permit tcp any any

But on some devices it is stuck on collecting health information, and we can see the hit in Access Tracker that it is healthy, but we can bounce the network because OnGuard is stuck.

We have enabled on the agent profile that the bounce is true.

I need ClearPass to communicate through port 6658.

How do I create an access list on Cisco for it?

Deny or permit?

Do I need to create an access list to permit 80, 443, 6658 going to ClearPass, or deny it?

Guru Elite

Re: ClearPass OnGuard agent communication through Cisco wired dot1x

http://community.arubanetworks.com/t5/Security/ClearPass-Solution-Guide-Wired-Policy-Enforcement/td-p/298161

It doesn't cover OnGuard specifically, but the captive portal logic for guest access can be used.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: ClearPass OnGuard agent communication through Cisco wired dot1x

I have checked the document.

I just want you to confirm: if I permit www and 443, 6658 ports to my CPPM address, is that going to help the OnGuard agent establish a connection with the CPPM server?

Guru Elite

Re: ClearPass OnGuard agent communication through Cisco wired dot1x

Only 6658 is required for agent communication.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
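An added example, not part of the thread or of any Aruba or Cisco tooling: a small first-match evaluator that shows which entry of the posted access list a flow to each ClearPass node hits on ports 80, 443 and 6658. The node addresses are constructed placeholders, the parser handles only the entry shapes used in the thread, and what a deny or permit match then does (drop the packet, or exempt it from redirection) depends on where the switch applies the list, which the thread does not state.

```python
import ipaddress

# Constructed placeholder addresses (RFC 5737); the thread gives no real IPs.
CPPM = {"cppm1": "192.0.2.11", "cppm2": "192.0.2.12", "cppm3": "192.0.2.13"}
PORT_NAMES = {"www": 80}  # keyword the poster used for port 80

# The ACL as posted in the thread, with the placeholders substituted.
POSTED_ACL = """\
deny tcp any host 192.0.2.11
deny tcp any host 192.0.2.12
deny tcp any host 192.0.2.13
permit tcp any any
"""

def parse_ace(line):
    """Parse '<permit|deny> tcp any (any | host IP) [eq PORT]'."""
    tok = line.split()
    if len(tok) < 4 or tok[0] not in ("permit", "deny") or tok[1:3] != ["tcp", "any"]:
        raise ValueError(f"unsupported entry: {line!r}")
    rest = tok[3:]
    if rest[0] == "any":
        dst, rest = None, rest[1:]
    elif rest[0] == "host" and len(rest) >= 2:
        dst, rest = ipaddress.ip_address(rest[1]), rest[2:]
    else:
        raise ValueError(f"unsupported destination: {line!r}")
    port = None
    if rest:
        if len(rest) != 2 or rest[0] != "eq":
            raise ValueError(f"unsupported port match: {line!r}")
        port = PORT_NAMES[rest[1]] if rest[1] in PORT_NAMES else int(rest[1])
    return {"action": tok[0], "dst": dst, "port": port}

def first_match(acl_text, dst_ip, dst_port):
    """Return (entry_number, action) of the first entry matching a TCP flow."""
    dst = ipaddress.ip_address(dst_ip)
    entries = [l for l in acl_text.splitlines() if l.strip()]
    for n, line in enumerate(entries, 1):
        ace = parse_ace(line)
        if ace["dst"] in (None, dst) and ace["port"] in (None, dst_port):
            return n, ace["action"]
    return None, "deny"  # Cisco ACLs end with an implicit deny

def report(acl_text, ports=(80, 443, 6658)):
    """Map (node, port) -> (entry_number, action) for every ClearPass node."""
    return {(name, p): first_match(acl_text, ip, p)
            for name, ip in CPPM.items() for p in ports}

if __name__ == "__main__":
    for key, hit in report(POSTED_ACL).items():
        print(key, "->", hit)
```

Because the posted host entries carry no port qualifier, TCP 6658 to every node is already matched by the same entry that matches 80 and 443 to that node.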