
contents of the logon-control ACL- ClearPass integration with Aruba

Hi all,

 

In Step 4 of p. 18 in "TechNote 1.1 - Aruba Wireless and ClearPass 6 Integration Guide.pdf", where we are creating a new pre-logon role for ClearPass on the Aruba Controller, it says,

 

Select the radio button for “Choose From Configured Policies” and select the policy called “logon-control (session)”.

 

I'm running 6.1.3.7 and do not seem to have that ACL. Could someone please look on their controller and tell me what the contents of this ACL are?

 

Thanks,

Mike

 

Aruba

Re: contents of the logon-control ACL- ClearPass integration with Aruba

The default logon-control ACL is as follows:

 

ip access-list session logon-control
  user any udp 68 deny
  any any svc-icmp permit
  any any svc-dns permit
  any any svc-dhcp permit
  any any svc-natt permit

 

 

You may or may not need it depending on your other ACLs and what you want for pre-logon.  

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX
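
Added example (not part of the original posts, and not Aruba's code): a first-match walk through the logon-control rules quoted above, showing which pre-logon flows they pass. The port definitions behind the svc-* aliases and the implicit deny at the end are assumptions, since the thread does not show them.

```python
from typing import NamedTuple, Optional

# Assumption: alias definitions are not shown in the thread; these are the
# commonly seen values (DNS udp/53, DHCP udp/67-68, NAT-T udp/4500).
SERVICES = {
    "udp 68": ("udp", range(68, 69)),
    "svc-icmp": ("icmp", None),
    "svc-dns": ("udp", range(53, 54)),
    "svc-dhcp": ("udp", range(67, 69)),
    "svc-natt": ("udp", range(4500, 4501)),
}

# Rule lines copied from the ACL quoted in the post above.
ACL_TEXT = """\
user any udp 68 deny
any any svc-icmp permit
any any svc-dns permit
any any svc-dhcp permit
any any svc-natt permit
"""

class Flow(NamedTuple):
    from_user: bool              # True when the source is a wireless user
    proto: str                   # "udp", "tcp" or "icmp"
    dport: Optional[int] = None  # destination port (None for ICMP)

def parse_acl(text):
    """Split each rule into (source, destination, service, action)."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if tok:
            rules.append((tok[0], tok[1], " ".join(tok[2:-1]), tok[-1]))
    return rules

def evaluate(rules, flow):
    """Return (action, matching rule); the first matching rule wins."""
    for src, dst, service, action in rules:
        if src == "user" and not flow.from_user:
            continue
        proto, ports = SERVICES[service]
        if flow.proto != proto or (ports is not None and flow.dport not in ports):
            continue
        return action, f"{src} {dst} {service} {action}"
    # Assumption: traffic matching no rule is dropped (implicit deny).
    return "deny", "implicit deny"

RULES = parse_acl(ACL_TEXT)
```

The first rule is why rule order matters here: a user sending to UDP 68 (a DHCP server reply) is denied before the later svc-dhcp permit is reached, while a normal client request to UDP 67 is allowed.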

Regular Contributor I

Re: contents of the logon-control ACL- ClearPass integration with Aruba

Perfect, thanks!

Mike
Occasional Contributor II

Re: contents of the logon-control ACL- ClearPass integration with Aruba

Hi everyone,

 

I have a query:

 

I have done 802.1X authentication using EAP-PEAP-MSCHAPv2, with Aruba ClearPass as the authentication server and an Aruba Mobility Controller.

I integrated my AD with ClearPass and downloaded the certificate from AD CS to the controller. I gave it the default enforcement profile and enforcement policy.

 

Authentication is working fine and I could see in the Access Tracker that the domain PC is authenticated.

But the problem is I don't have a PEFNG license on my controller and as a result I cannot create a user role on my Aruba controller. So after authentication I can see that the users are falling into the GUEST role, and these users are not able to access internal servers, shared folders or the internet.

They can ping the internal resources but are not able to access them.

 

What might be causing the issue?

 

Is there any way to create a user role and access lists for this user in Aruba ClearPass and enforce it on the 802.1X SSID, so that I can get away without purchasing the PEFNG license?

 

Any suggestions or advice would be really helpful as my manager is eating my head over this.

 

Thank you.

Re: contents of the logon-control ACL- ClearPass integration with Aruba

You can either return it from ClearPass or assign it under the aaa profile / the default 802.1X role “authenticated” role.

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA