Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass 6.11.1 VM new deployment - initial configuration

  • 1.  Clearpass 6.11.1 VM new deployment - initial configuration

    Posted 29 days ago

    Is there a way to rerun the configuration wizard on a newly deployed version of Clearpass 6.11.1 on an ESXi server? The folks responsible for our ESX hosts deployed the OVA, but believe they may have answered the mgmt/data port usage wrong. I only want to use 1 port, the mgmt port, for both mgmt/data traffic, but the mgmt port shows link down with an IP address configured. The data port MAC address shows up on my switch infrastructure, but no IP. I don't want to have them redeploy the OVA.

    Thanks



  • 2.  RE: Clearpass 6.11.1 VM new deployment - initial configuration

    MVP
    Posted 29 days ago

    I cannot find the reference now, but at least at one point, the port selection between mgmt & data depended on the MAC addresses of the guest interfaces. There was a recommendation at one time to swap the MAC addresses if there were issues with the mgmt port.

    Personally, I take the lazy way out & configure both ESXi interfaces with the same VLAN & just let ClearPass use whatever one it chooses. I always only use the mgmt port too.



    ------------------------------
    Bruce Osborne ACCP ACMP
    Liberty University

    The views expressed here are my personal views and not those of my employer
    ------------------------------



  • 3.  RE: Clearpass 6.11.1 VM new deployment - initial configuration

    MVP EXPERT
    Posted 29 days ago

    When deploying ClearPass, enable both NIC interfaces and configure them with the same network VLAN. Next, configure only the mgmt interface during your initial ClearPass configuration. Using the mgmt interface for both mgmt/data traffic is best practice in most cases.

    Sometimes ClearPass turns the VM NIC interfaces; that's why I would recommend enabling both interfaces with the same network.



    ------------------------------
    Marcel Koedijk | MVP Expert 2024 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opinions are my own
    ------------------------------



  • 4.  RE: Clearpass 6.11.1 VM new deployment - initial configuration

    Posted 16 days ago

    Thank you for your reply. We rebuilt the VM to make sure it wasn't something we did.

    Our standard is using best practice to have both mgmt/data over 1 port; however, Network Interface card #2 again has a lower MAC address than Network Interface card #1, so I assume that card #2. Is it okay to put an IP address on network card #2?




  • 5.  RE: Clearpass 6.11.1 VM new deployment - initial configuration

    EMPLOYEE
    Posted 16 days ago

    The network interfaces will be ordered within the appliance based on the MAC address, the lower MAC address always being the MGMT port. Pay zero attention to NIC 1/NIC 2 in the hypervisor, just look at the MAC addresses and make sure that the one with the lowest MAC address is the one you've configured for proper network connectivity in the hypervisor.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 6.  RE: Clearpass 6.11.1 VM new deployment - initial configuration

    Posted 16 days ago

    Thank you