Security


Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

CPPM <-> AOS: User role for Access-Points

  • 1.  CPPM <-> AOS: User role for Access-Points

    Posted Oct 07, 2019 09:11 AM

    Hi all,

    We are currently setting up Clearpass (6.8.2.109931 on C2000V platform) and Aruba 2930F/M Switches with WC.16.09.0004. My goal is to keep the config on the Access-Switches as simple as possible. All "brain" should be in Clearpass. So I successfully configured Downloadable User Roles.

    Scenario: All Access-Ports on the Switch are configured to authenticate via 802.1X and fall back to MAC-Auth.

    Problem: WLAN-Access-Points (Sophos) work fine. But as soon as Clients connect to the AP, Clearpass has to handle multiple MAC-Authentications.

    Question: Is it possible to disable MAC-Authentication on an access-port where a WLAN-Access-Point is connected by using an (advanced) Aruba User Role sent by CPPM when an AP connects to an access-port?

    I hope you got my point ... Otherwise I am happy to answer questions!

     

    Best regards

    Stefan



  • 2.  RE: CPPM <-> AOS: User role for Access-Points

    Posted Oct 07, 2019 01:06 PM

    AP should not trigger MAC authentication for the clients trying to connect via WiFi unless the SSID is configured to do so. Basically, the request for MAC auth for wireless clients should only come from the NAD (Access Point/Controller) and not the wired switch.



  • 3.  RE: CPPM <-> AOS: User role for Access-Points
    Best Answer

    Posted Oct 07, 2019 08:23 PM

    Screen Shot 2019-10-07 at 8.22.03 PM.png



  • 4.  RE: CPPM <-> AOS: User role for Access-Points

    Posted Oct 09, 2019 04:01 AM

    Works like a charm! Thank you very much for the fast and useful reply!