  • 1.  Clearpass and Aruba OSCX switches configuration

    Posted Sep 06, 2024 01:03 AM

    Hi!

    I am looking for the configuration that is recommended for an Aruba OSCX switch when the Clearpass servers are unavailable. This system is so critical, and we are using RADIUS authentication in a hospital, so I am worried about authentication if something happens, for example if the WAN connection is lost or the servers are unavailable for some reason.

    Can you help me with these kinds of scenarios? How can I take these things into account in the switch configuration?



  • 2.  RE: Clearpass and Aruba OSCX switches configuration

    Posted Sep 09, 2024 03:55 AM
    Edited by oden74 Sep 09, 2024 03:55 AM

    Hi,

    You can use the cached reauthentication feature in a role for AOS-CX switches. Let ClearPass assign a role on authentication, and in the role you can set a cached reauth period for as long as you want (24 hours in the example), which means that if ClearPass is not reachable upon reauthentication, the role for the device is cached on the port.

    port-access role iot
        description role for iot device
        auth-mode client-mode
        reauth-period 14400
        cached-reauth-period 86400
        vlan access 30
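
An audit of the setting described in this reply, as an added example that is not part of the original post or of any Aruba tooling: it parses `port-access role` blocks from saved configuration text and reports roles that have no `cached-reauth-period`, or one shorter than their `reauth-period`. The `printer` and `camera` roles are constructed sample data, and the "at least one reauth interval" threshold is an assumption of this example.

```python
import re

# Constructed sample of switch configuration text. The "iot" role is the one
# from the post above; "printer" and "camera" are made up for the audit.
SAMPLE_CONFIG = """\
port-access role iot
    description role for iot device
    auth-mode client-mode
    reauth-period 14400
    cached-reauth-period 86400
    vlan access 30
port-access role printer
    reauth-period 3600
port-access role camera
    reauth-period 28800
    cached-reauth-period 3600
"""

def parse_roles(config):
    """Return {role_name: {keyword: seconds}} for the timers in each role block."""
    roles, current = {}, None
    for line in config.splitlines():
        header = re.match(r"port-access role (\S+)\s*$", line)
        if header:
            current = roles.setdefault(header.group(1), {})
        elif current is not None and line[:1].isspace():
            timer = re.match(r"\s+(reauth-period|cached-reauth-period) (\d+)\s*$", line)
            if timer:
                current[timer.group(1)] = int(timer.group(2))
        else:
            current = None  # an unindented line ends the role block
    return roles

def audit_roles(config):
    """List (role, finding) pairs for roles whose cached reauth setting needs review."""
    findings = []
    for name, timers in sorted(parse_roles(config).items()):
        cached = timers.get("cached-reauth-period")
        reauth = timers.get("reauth-period")
        if cached is None:
            findings.append((name, "no cached-reauth-period"))
        elif reauth is not None and cached < reauth:
            # Assumption of this example: cache window >= one reauth interval.
            findings.append((name, "cached-reauth-period shorter than reauth-period"))
    return findings

if __name__ == "__main__":
    for role, finding in audit_roles(SAMPLE_CONFIG):
        print(f"{role}: {finding}")
```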




  • 3.  RE: Clearpass and Aruba OSCX switches configuration

    Posted Sep 09, 2024 07:02 AM

    Hi,

    It might be worth checking for "cached critical" (limited authentication survivability) and role assignment for infrastructure devices via LLDP role mapping on the switch in parallel to assigning roles via ClearPass.

    Kind regards

    Martin


