https://www.arubanetworks.com/techdocs/AOS-CX/10.08/HTML/security_6200-6300-6400/Content/Chp_RAD_dyn_auth/RAD_dyn_auth_cmds/rad-dyn-aut-com-fl-10.htm
Original Message:
Sent: Mar 10, 2023 09:45 AM
From: vivarock12
Subject: Dynamic Vlan Assignment /DACL's with Cisco ISE and ArubaOS-Switch
Hi Shobana,
i had problem with the COA re-authenticate
this is the configuration i put on the ISE profile and sitll got no response from the switch
do you see anything bad in there??
am going to add the config of the switch i dont know if maybe theres something else that need to be done.
thanks for the help.
Original Message:
Sent: Mar 02, 2023 12:29 AM
From: Shobana Nandakumar
Subject: Dynamic Vlan Assignment /DACL's with Cisco ISE and ArubaOS-Switch
Yes we could send NAS-Filter-Rule via CoA.
------------------------------
Shobana
Aruba
Original Message:
Sent: Feb 28, 2023 10:45 AM
From: vivarock12
Subject: Dynamic Vlan Assignment /DACL's with Cisco ISE and ArubaOS-Switch
so i can add the:
and send that information on the reauthenticate for the Aruba siwtches rigth?
i think i gettoting so what you do on the definition of the ISE is defines de VSA that im going to send the switch rigth?
thanks for the help by the way.
Original Message:
Sent: Feb 28, 2023 01:17 AM
From: Shobana Nandakumar
Subject: Dynamic Vlan Assignment /DACL's with Cisco ISE and ArubaOS-Switch
You can initially deploy user role with policy and assign different user role having different policy based on your requirement using reauthentication CoA as below
------------------------------
Shobana
Aruba
Original Message:
Sent: Feb 27, 2023 10:13 AM
From: vivarock12
Subject: Dynamic Vlan Assignment /DACL's with Cisco ISE and ArubaOS-Switch
Hi Herman,
Yes i have configure DACL from ISE to ARUBA switches and its working perfectly but i need to do changes of the DACL and i havent figure out how to do that.(use vsa 92 standard by the way) if you need the config just let me do a session withb the cliente to do screenshot of ise and the config of the switch(the hardest part was to send the client ip address to ISE).
With the COA 'Terminate Session' if you have the experience with Cisco ISE could you show me how that configuration of the terminate session goes, i havent got that part i still have doubts with that configuration.
Saludos,
Gerardo Andree Mejia
Original Message:
Sent: Feb 27, 2023 06:36 AM
From: Herman Robers
Subject: Dynamic Vlan Assignment /DACL's with Cisco ISE and ArubaOS-Switch
What you normally would do is trigger a 'Terminate Session', where the switch will do a new authentication for the user/device and you can then return the new role/DACL as part of your policy/enforcement.
I'm not sure if ISE support DACL for Aruba switches, but you may fallback to user roles and return a local user role.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Feb 23, 2023 06:53 PM
From: vivarock12
Subject: Dynamic Vlan Assignment /DACL's with Cisco ISE and ArubaOS-Switch
is there a way to do a reassing os the DACL, if ofr example on the cisco ISE for thet user i need ot assing him a new ACL, can id do that with the COA?
or is this not possible at all?
Original Message:
Sent: Mar 20, 2019 01:46 PM
From: ClarenceHillard2
Subject: Dynamic Vlan Assignment /DACL's with Cisco ISE and ArubaOS-Switch
Hi Created,
This guide below is how to set up DACL's and how to dynamically assign a vlan to a device connecting to the network.