Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass Enforcement Profile Comware 5130 - Aruba Instant Bridged AP

  • 1.  ClearPass Enforcement Profile Comware 5130 - Aruba Instant Bridged AP

    MVP EXPERT
    Posted Nov 10, 2022 05:38 PM
    Hi,

    I need the settings for a ClearPass Enforcement Profile that authenticates Aruba Access Points in bridge mode.
    On Aruba AOS-S or AOS-CX you can use an enforcement profile like:

    Radius:IETF     Tunnel-Type                VLAN (10)
    Radius:IETF     Tunnel-Medium-Type         IEEE-802 (6)
    Radius:IETF     Tunnel-Private-Group-Id    70
    Radius:IETF     Egress-VLANID              822083674 = VLAN90
    Radius:IETF     Egress-VLANID              822083649 = VLAN65
    Radius:IETF     Egress-VLANID              822083609 = VLAN25
    Radius:Aruba    Aruba-Port-Auth-Mode       Infrastructure-Mode (1)


    Now I need the same kind of enforcement, but for an HPE Comware 5130 switch. I think the Radius:IETF attributes work the same, but what is the equivalent of the Radius:Aruba Aruba-Port-Auth-Mode attribute?

    ------------------------------
    Marcel Koedijk | MVP Expert 2022 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opinions are my own
    ------------------------------
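
Added example, not part of the original post or of ClearPass: the Egress-VLANID integers in the profile above follow the RFC 4675 layout (one Tag Indication octet, 0x31 for tagged or 0x32 for untagged, then 12 pad bits and a 12-bit VLAN ID). This Python sketch decodes them and audits a profile against the VLAN set an AP uplink is meant to carry; the function names and the expected set are assumptions.

```python
# Added example: RFC 4675 Egress-VLANID encode/decode and a profile audit.
TAGGED, UNTAGGED = 0x31, 0x32  # Tag Indication octet values from RFC 4675


def encode_egress_vlanid(vlan, tagged=True):
    """Build the 32-bit Egress-VLANID integer for one VLAN."""
    if not 1 <= vlan <= 4094:
        raise ValueError(f"VLAN ID out of range: {vlan}")
    return ((TAGGED if tagged else UNTAGGED) << 24) | vlan


def decode_egress_vlanid(value):
    """Return (vlan, is_tagged); raise ValueError on a malformed value."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"not a 32-bit value: {value}")
    tag, pad, vlan = value >> 24, (value >> 12) & 0xFFF, value & 0xFFF
    if tag not in (TAGGED, UNTAGGED):
        raise ValueError(f"bad Tag Indication octet 0x{tag:02x} in {value}")
    if pad:
        raise ValueError(f"non-zero pad bits in {value}")
    if not 1 <= vlan <= 4094:
        raise ValueError(f"VLAN ID out of range in {value}")
    return vlan, tag == TAGGED


def audit_profile(values, expected_tagged):
    """Compare the VLANs a profile hands out with the intended trunk set."""
    decoded = [decode_egress_vlanid(v) for v in values]
    tagged = {vlan for vlan, is_tagged in decoded if is_tagged}
    untagged = {vlan for vlan, is_tagged in decoded if not is_tagged}
    return {
        "unexpected": sorted(tagged - set(expected_tagged)),
        "missing": sorted(set(expected_tagged) - tagged),
        "untagged": sorted(untagged),
    }


# The three Egress-VLANID values listed in the post above.
PROFILE_VALUES = [822083674, 822083649, 822083609]

if __name__ == "__main__":
    for v in PROFILE_VALUES:
        vlan, is_tagged = decode_egress_vlanid(v)
        print(v, "-> VLAN", vlan, "tagged" if is_tagged else "untagged")
    # Expected set {25, 65, 90} is an assumption taken from the post's labels.
    print(audit_profile(PROFILE_VALUES, {25, 65, 90}))
```

A bare VLAN number such as 90 entered in place of the encoded integer is rejected by `decode_egress_vlanid`, because its Tag Indication octet is zero.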


  • 2.  RE: ClearPass Enforcement Profile Comware 5130 - Aruba Instant Bridged AP
    Best Answer

    Posted Nov 11, 2022 02:07 AM
    Hi Marcel,

    I'm afraid this is not possible. AFAIK, with Comware-based switches you cannot change to "device mode" via RADIUS Return Parameter. You have to configure the ports connected to APs with local bridging enabled to port-based (dot1x port-method command).
    But if you find a way to switch the ports to port-based with a RADIUS Return Parameter please let me know, I'm dealing with this issue too...

    Best regards,
    Marco.


  • 3.  RE: ClearPass Enforcement Profile Comware 5130 - Aruba Instant Bridged AP

    Posted Nov 11, 2022 03:43 AM
    As Marco wrote, it's not possible. I've been trying to find an automatic solution for this for many years without success.

    Best, Gorazd

    ------------------------------
    Gorazd Kikelj
    ------------------------------



  • 4.  RE: ClearPass Enforcement Profile Comware 5130 - Aruba Instant Bridged AP

    MVP EXPERT
    Posted Nov 14, 2022 03:21 PM
    Thanks both!

    ------------------------------
    Marcel Koedijk | MVP Expert 2022 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opinions are my own
    ------------------------------