Security

 View Only
last person joined: 2 days ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

ClearPass Enforcement Profile Comware 5130 - Aruba Instant Bridged AP

This thread has been viewed 10 times
  • 1.  ClearPass Enforcement Profile Comware 5130 - Aruba Instant Bridged AP

    MVP EXPERT
    Posted 24 days ago
    Hi,

    I need the settings for a ClearPass Enforcement Profile that authenticated Aruba Access Points in bridge mode.
    On Aruba AOS-S or AOS-CX you can use a enforcement profile like:

    Radius:IETF

    Tunnel-Type

    VLAN (10)

    Radius:IETF

    Tunnel-Medium-Type

    IEEE-802 (6)

    Radius:IETF

    Tunnel-Private-Group-Id

    70

    Radius:IETF

    Egress-VLANID

    822083674 = VLAN90

    Radius:IETF

    Egress-VLANID

    822083649 = VLAN65

    Radius:IETF

    Egress-VLANID

    822083609 = VLAN25

    Radius:Aruba

    Aruba-Port-Auth-Mode

    Infrastructure-Mode (1)


    Now i need the same like enforcement but for a HPe Comware 5130 switch. I think the Radius:IETF attributes works the same, but what is the equivalent  of the Radius:Aruba Aruba-Port-Auth-Mode attribute?

    ------------------------------
    Marcel Koedijk | MVP Expert 2022 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opinions are my own
    ------------------------------


  • 2.  RE: ClearPass Enforcement Profile Comware 5130 - Aruba Instant Bridged AP
    Best Answer

    Posted 23 days ago
    Hi Marcel,

    I'm afraid this is not possible. Afaik with Comware based switches you cannot change to "device mode" via RADIUS Return Parameter. You have to configure the ports connected to APs with local bridging enabled to port-based (dot1x port-method command).
    But if you find a way to switch the ports to port-based with a RADIUS Return Parameter please let me know, I'm dealing with this issue too...

    Best regards,
    Marco.


  • 3.  RE: ClearPass Enforcement Profile Comware 5130 - Aruba Instant Bridged AP

    Posted 23 days ago
    As Marco wrote, it's not possible. I'm trying to find automatic solution for this for many years without success.

    Best, Gorazd

    ------------------------------
    Gorazd Kikelj
    ------------------------------



  • 4.  RE: ClearPass Enforcement Profile Comware 5130 - Aruba Instant Bridged AP

    MVP EXPERT
    Posted 20 days ago
    Thanks both!

    ------------------------------
    Marcel Koedijk | MVP Expert 2022 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opinions are my own
    ------------------------------