Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass NAD - Aruba Controllers and Cisco switches in the same subnet

  • 1.  ClearPass NAD - Aruba Controllers and Cisco switches in the same subnet

    Posted Nov 02, 2020 12:22 PM
    I have a large customer with tens of sites, and they have about 100 Cisco switches and a few Aruba controllers per site/subnet. If I added NAD devices by subnet and not by IP address, what vendor name should I use in the NAD configuration?

    - Does it make any difference if I configure it as Aruba or Cisco? I can have different services for wired and WLAN.

    - what would happen if I created NADs for the same subnet twice, one time as Aruba and one time as Cisco?

    - Other than enabling the RADIUS dictionary, what is the effect of the vendor name in the NAD configuration?

    ------------------------------
    Ahmad Enaya
    ------------------------------


  • 2.  RE: ClearPass NAD - Aruba Controllers and Cisco switches in the same subnet

    Posted Nov 02, 2020 03:31 PM
    The answer is to be accurate on the device vendor. CPPM uses this to show you the correct CoA actions in the AT.

    You can also use the device attributes that are NOT functional, but provide you with a context to act on in policy.

    It is ugly, but as far as policy goes, you can send back both Cisco and Aruba VSAs and the appropriate vendor will reply to their VSA and ignore the others. Again, this is not BP, and can lead to a lot of confusion down the road.

    ------------------------------
    ACCX #1239 || ACEP || ACSP || CWNA || CWSP
    ------------------------------