Security

Dear Experts, 

we are working with a customer who has implemented static IPs and Vlans. They want to authenticate via CPPM (-> AD) only and also do posture checking. Since dynamic vlans from CPPM are not configured what is the alternate way to restrict access if client device is unhealthy or unknown? do we need to implement acls?

------------------------------
iqbal
------------------------------

Hi Iqbal

I do not know so much about Comware switches, but as you already guessed you are a bit limited in what actions you can implement in your environment.

But ACL on the switch and sending the ACL ID in an attribute from ClearPass to the switch should work.

Please check out this thread: https://community.arubanetworks.com/discussion/dynamic-acl-with-clearpass-and-comware-switches

------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------

Original Message:
Sent: Mar 06, 2024 10:06 PM
From: Owais101
Subject: ClearPass posture with Comware switches

Dear Experts, 

we are working with a customer who has implemented static IPs and Vlans. They want to authenticate via CPPM (-> AD) only and also do posture checking. Since dynamic vlans from CPPM are not configured what is the alternate way to restrict access if client device is unhealthy or unknown? do we need to implement acls?

------------------------------
iqbal
------------------------------