Hello , We have a requirement
In our network , we only have data vlan
we have configured NAC on all the wired network for few sites .
We have configured the 2 CPPM servers primary and secondary in the config
The requirement is if both the cppm servers become unreachable , the access port should fall to default data vlan .
We cant create a separate critical vlan on each site due to budget issues for network people .
Can we use the data vlan as the critical vlan
Our 95% environment is HPE Switch 5130
and 5 % cisco 9300
I can't see a reason why not, besides that is may not be desirable from a security standpoint to 'fail open' in the data VLAN. Attackers may trigger a failure, thereby bypassing your security. 'Fail open' / 'fail closed' is always a decision that needs to be made based on most times conflicting security and availability requirements. There is no universal answer to the question if you need to fail open or closed.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.