Wired Intelligent Edge

 View Only
last person joined: yesterday 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Expand all | Collapse all

Dynamic Segmentation Aruba CX - Do I need a Controller/Central?

This thread has been viewed 16 times
  • 1.  Dynamic Segmentation Aruba CX - Do I need a Controller/Central?

    Posted May 23, 2023 01:17 AM

    Hi Guys,

    With Aruba CX switches, do I need a controller/Central to make this work?

    Thanks
    Champ



  • 2.  RE: Dynamic Segmentation Aruba CX - Do I need a Controller/Central?

    EMPLOYEE
    Posted May 23, 2023 09:11 PM

    you need a controller/gateway only if you want to statically of dynamically build overlay tunnels from your CX switches.
    but if you want the traffic from the authenticated users to be bridged then you dont need a Conytroller or Aruba Central.



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 3.  RE: Dynamic Segmentation Aruba CX - Do I need a Controller/Central?

    Posted May 23, 2023 10:06 PM

    Hi. 

    I just want user authenticating to be able to use Roles through services declared on clearpass. 

    Do CX switches natively support pef licensing?

    Just trying to work out how authentication dot1x actually gets passed to clearpass for further processing. 




  • 4.  RE: Dynamic Segmentation Aruba CX - Do I need a Controller/Central?
    Best Answer

    Posted May 25, 2023 12:36 PM

    Hi, 

    You are mixing different things. Let me break it down for you

    1) There is no PEF licensing in CX switches. PEF licensing is available in Wireless Controllers (aka Gateways)
    2) Dynamic Segmentation in a nutshell is authenticating users and assigning them network segments (Vlans/Roles). This is done as a standard Dot1x configuration. Switches are configured with AAA Radius Dot1x configuration on global and port level. Once the device connects to the port, the dot1x process initiates. Credentials are then forwarded to ClearPass for authentication, once authentication succeeds, the port is configured with returned attributes such as Roles, Vlans etc.




  • 5.  RE: Dynamic Segmentation Aruba CX - Do I need a Controller/Central?

    Posted May 29, 2023 04:36 AM

    Thanks@Ronin101 for clarifying.
    That makes sesnse now.