Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass and Aruba OSCX switches configuration

  • 1.  Clearpass and Aruba OSCX switches configuration

    Posted Sep 06, 2024 01:03 AM

    Hi!

    I am looking for the configuration that is recommended on Aruba OSCX switches when ClearPass servers are unavailable. This system is so critical, and we are using RADIUS authentication in a hospital, so I am worried about authentication if something happens, such as the WAN connection being lost or the servers being unavailable for some reason.

    Can you help me with these kinds of scenarios? How can I take these things into account in the switch configuration?



  • 2.  RE: Clearpass and Aruba OSCX switches configuration

    Posted 28 days ago

    Hi,

    You can use the cached reauthentication feature in a role for AOS-CX switches. Let ClearPass assign a role on authentication, and in the role you can set a cached reauth period for as long as you want (24 hours in the example), which means that if ClearPass is not reachable upon reauthentication, the role for the device is cached on the port.

    port-access role iot
        description role for iot device
        auth-mode client-mode
        reauth-period 14400
        cached-reauth-period 86400
        vlan access 30
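
An added example, not part of the original reply and not HPE tooling: a small Python check that reads `port-access role` stanzas from a saved switch configuration and lists roles that have no `cached-reauth-period`, or one shorter than the outage window you want covered. The sample configuration is constructed (the `printer` and `camera` roles are invented), and the 86400-second default threshold is an assumption taken from the 24 hours used in the reply.

```python
import re

# Constructed sample: "iot" mirrors the role in the reply above; the
# "printer" and "camera" roles are invented here to exercise the checks.
SAMPLE_CONFIG = """\
port-access role iot
    description role for iot device
    auth-mode client-mode
    reauth-period 14400
    cached-reauth-period 86400
    vlan access 30
port-access role printer
    reauth-period 14400
    vlan access 40
port-access role camera
    reauth-period 14400
    cached-reauth-period 3600
    vlan access 50
"""

def parse_roles(config):
    """Return {role_name: {timer_setting: seconds}} for each port-access role."""
    roles, current = {}, None
    for line in config.splitlines():
        m = re.match(r"port-access role (\S+)\s*$", line)
        if m:
            current = roles.setdefault(m.group(1), {})
        elif line[:1].isspace() and current is not None:
            t = re.match(r"\s+(reauth-period|cached-reauth-period) (\d+)\s*$", line)
            if t:
                current[t.group(1)] = int(t.group(2))
        elif line.strip():
            current = None  # any other top-level line ends the role stanza
    return roles

def audit_roles(config, min_cached_seconds=86400):
    """List (role, finding) for roles whose cached window is missing or too short.

    min_cached_seconds is this example's own threshold (assumption), not a vendor default.
    """
    findings = []
    for name, settings in parse_roles(config).items():
        cached = settings.get("cached-reauth-period")
        if cached is None:
            findings.append((name, "no cached-reauth-period"))
        elif cached < min_cached_seconds:
            findings.append((name, f"cached-reauth-period {cached}s is below {min_cached_seconds}s"))
    return findings

if __name__ == "__main__":
    for role, finding in audit_roles(SAMPLE_CONFIG):
        print(f"{role}: {finding}")
```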




  • 3.  RE: Clearpass and Aruba OSCX switches configuration

    Posted 28 days ago

    Hi,

    It might be worth checking for "cached critical" (limited authentication survivability) and role assignment for infrastructure devices via LLDP role mapping on the switch in parallel to assigning roles via ClearPass.

    Kind regards

    Martin


