New Contributor
Posts: 4
Registered: ‎12-05-2013

clearpass without onguard for wired devices

We want to achieve the following:
From the same broadcast domain, identify an AD domain machine and allocate a DHCP IP from subnet 1, and on the other hand identify a non-AD domain machine (with a known MAC address) and allocate a DHCP IP from subnet 2. This requirement is for wired systems, and we have switches which are 802.1X. Can I achieve this with base ClearPass Policy Manager without using OnGuard?
Guru Elite
Posts: 8,795
Registered: ‎09-08-2010

Re: clearpass without onguard for wired devices

Yes, you can do that with the base Policy Manager license.

CPPM has a built-in Machine Authentication role that allows you to make policy decisions about AD-joined machines and then return back a specific VLAN (or if you are using Aruba switches, you can return back a user role).

You can then check the remaining devices against an external database, network registration system, or utilize the built-in endpoint repository as your authoritative device database.

OnGuard allows you to get more granular with your policy decisions by using posture checks like antimalware software and updates. You can also check for software like torrent applications and leave the device in a specific state until the software is removed.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor
Posts: 4
Registered: ‎12-05-2013

Re: clearpass without onguard for wired devices

Thanks Tim,
Further, can we allocate a VLAN based on the switch meant from a location?
Location 1
AD systems 10.1.x.x
Non-AD systems 10.2.x.x

Location 2
AD systems 10.3.x.x
Non-AD systems 10.4.x.x

This should be possible through CPPM?

Tejas
Guru Elite
Posts: 8,795
Registered: ‎09-08-2010

Re: clearpass without onguard for wired devices

Yes, you can do this in a few different ways:

- Put the switches into groups in ClearPass and then make your policies based on the group.

- Use something like the NAS-ID as a location tag.

Pretty much anything in the RADIUS request can be referenced in your policy decisions.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
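
The decision logic discussed in this thread, modelled in Python as an added example (not code from the posters and not ClearPass configuration): location is taken from the NAS-Identifier, AD machines are identified by a machine-authentication flag, and other devices are matched by MAC against a known-device list. The VLAN IDs, NAS-Identifier values, sample MAC, the `machine_authenticated` flag and the reject-by-default behaviour are assumptions.

```python
import re

# Constructed sample data: VLAN IDs, NAS-Identifier values and the MAC are
# placeholders; only the subnets named in the comments come from the thread.
VLAN_BY_LOCATION = {
    "loc1-switch": {"ad": 101, "non_ad": 102},  # 10.1.x.x / 10.2.x.x
    "loc2-switch": {"ad": 103, "non_ad": 104},  # 10.3.x.x / 10.4.x.x
}
KNOWN_MACS = {"001122334455"}  # stand-in for the endpoint repository


def normalize_mac(raw):
    """Strip separators so 00-11-22..., 00:11:22... and 0011.2233... compare equal."""
    mac = re.sub(r"[^0-9a-fA-F]", "", raw or "").lower()
    return mac if len(mac) == 12 else None


def decide(request, machine_authenticated):
    """Return (result, reply_attributes) for one RADIUS Access-Request.

    machine_authenticated is a hypothetical flag standing in for the
    machine authentication role having been assigned to the session.
    """
    vlans = VLAN_BY_LOCATION.get(request.get("NAS-Identifier"))
    if vlans is None:
        return "reject", {}  # request from an unknown switch: fail closed (assumption)

    if machine_authenticated:
        vlan = vlans["ad"]
    elif normalize_mac(request.get("Calling-Station-Id")) in KNOWN_MACS:
        vlan = vlans["non_ad"]
    else:
        return "reject", {}  # neither AD-joined nor a known MAC (assumption)

    # Standard RADIUS attributes for dynamic VLAN assignment (RFC 3580).
    return "accept", {
        "Tunnel-Type": "VLAN",
        "Tunnel-Medium-Type": "IEEE-802",
        "Tunnel-Private-Group-Id": str(vlan),
    }
```
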
New Contributor
Posts: 4
Registered: ‎12-05-2013

Re: clearpass without onguard for wired devices

Hey, thanks for your response. I will test and update.