Security


Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

ClearPass NAD - Aruba Controllers and Cisco switches in the same subnet

  • 1.  ClearPass NAD - Aruba Controllers and Cisco switches in the same subnet

    Posted 26 days ago
    I have a large customer with tens of sites, and they have about 100 Cisco switches and a few Aruba controllers per site/subnet. If I added NAD devices by subnet and not by IP address, what vendor name should I use in NAD configuration?

    - Does it make any difference if I configure it as Aruba or Cisco? I can have different services for wired and WLAN

    - What would happen if I created NADs for the same subnet twice, one time as Aruba and one time as Cisco?

    - Other than enabling the RADIUS dictionary, what is the effect of vendor name in NAD configuration?

    ------------------------------
    Ahmad Enaya
    ------------------------------


  • 2.  RE: ClearPass NAD - Aruba Controllers and Cisco switches in the same subnet

    Posted 26 days ago
    The answer is to be accurate on the device vendor. CPPM uses this to show you the correct CoA actions in the AT.

    You can also use the device attributes that are NOT functional, but provide you with a context to act on in policy.

    It is ugly, but as far as policy goes, you can send back both Cisco and Aruba VSAs and the appropriate vendor will reply to their VSA and ignore the others. Again, this is not BP, and can lead to a lot of confusion down the road.

    ------------------------------
    ACCX #1239 || ACEP || ACSP || CWNA || CWSP
    ------------------------------
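
Added example, not part of the original posts and not ClearPass code: a sketch of how one RADIUS reply can carry both an Aruba and a Cisco Vendor-Specific attribute (RFC 2865 type 26), and how a device that only reads its own vendor ID ends up ignoring the other, as the reply above describes. The role name, the AV-pair value and the `vsas_for` model of NAD behaviour are assumptions made for illustration.

```python
import struct

VENDOR_SPECIFIC = 26          # RADIUS attribute type for VSAs (RFC 2865, section 5.26)
CISCO, ARUBA = 9, 14823       # IANA private enterprise numbers

def encode_vsa(vendor_id, vendor_type, value):
    """Encode one Vendor-Specific attribute carrying a single sub-attribute."""
    data = value.encode()
    sub = struct.pack("!BB", vendor_type, len(data) + 2) + data
    return struct.pack("!BBI", VENDOR_SPECIFIC, len(sub) + 6, vendor_id) + sub

def parse_vsas(attrs):
    """Yield (vendor_id, vendor_type, value) for each VSA in a raw attribute list."""
    pos = 0
    while pos < len(attrs):
        if len(attrs) - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = attrs[pos], attrs[pos + 1]
        if a_len < 2 or pos + a_len > len(attrs):
            raise ValueError("bad attribute length")
        body = attrs[pos + 2:pos + a_len]
        pos += a_len
        if a_type != VENDOR_SPECIFIC or len(body) < 4:
            continue                      # not a VSA: outside this sketch
        vendor_id = struct.unpack("!I", body[:4])[0]
        sub = body[4:]
        while len(sub) >= 2:
            v_type, v_len = sub[0], sub[1]
            if v_len < 2 or v_len > len(sub):
                raise ValueError("bad sub-attribute length")
            yield vendor_id, v_type, sub[2:v_len].decode()
            sub = sub[v_len:]

def vsas_for(attrs, own_vendor):
    """Hypothetical model of a NAD keeping only VSAs under its own vendor ID."""
    return [(t, v) for vid, t, v in parse_vsas(attrs) if vid == own_vendor]

# Constructed sample: attribute section of a reply that returns both vendors' VSAs.
ACCESS_ACCEPT_ATTRS = (
    encode_vsa(ARUBA, 1, "employee")                        # Aruba-User-Role
    + encode_vsa(CISCO, 1, "device-traffic-class=voice")    # Cisco-AVPair
)

if __name__ == "__main__":
    print("Aruba controller sees:", vsas_for(ACCESS_ACCEPT_ATTRS, ARUBA))
    print("Cisco switch sees:   ", vsas_for(ACCESS_ACCEPT_ATTRS, CISCO))
```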