Security

 View Only
last person joined: 9 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Onguard Webauth Service for different switches

This thread has been viewed 12 times
  • 1.  Onguard Webauth Service for different switches

    Posted 28 days ago

    Dear Experts, 

    I have configured 3 x onguard web auth service for Cisco, H3C and Aruba (since all have different CoA). In the service matching criteria, how can i differentiate between a client coming from a cisco switch vs other switches? i have checked the radius input parameters and it doesnt mention the IP address of the NAD. 

    Or am i doing something wrong?



  • 2.  RE: Onguard Webauth Service for different switches

    Posted 28 days ago

    Hi.


    You have several options. 

    1. Create device groups for Cisco, H3C and Aruba swithces and put correct switches into their respective groups. This is usually how I do this so I can use these groups to limit enforcement profiles to specific NAD OS.
    2.  Add attribute to NAD device registration and check for this attribute value. Not very flexible, but can be handy sometime.

    Best, Gorazd



    ------------------------------
    Gorazd Kikelj
    MVP Guru 2024
    ------------------------------



  • 3.  RE: Onguard Webauth Service for different switches

    Posted 28 days ago
    Dear Gorazd,

    I checked the webauth request in access tracker. NAD ip address is not mentioned. How can i apply filter of device group then?





  • 4.  RE: Onguard Webauth Service for different switches

    Posted 28 days ago

    Hi Owais.

    You can include enforcement profiles for all platforms in the enforcement policy as last resort.

    It is quite difficult to gues, what you are doing wrong as no info is provided to analyze it. Can you post sanitized access tracker record and service config?

    Best, Gorazd



    ------------------------------
    Gorazd Kikelj
    MVP Guru 2024
    ------------------------------



  • 5.  RE: Onguard Webauth Service for different switches

    MVP
    Posted 27 days ago

    You include all of the Enforcement Profiles in the Enforcement Policy rule.

    On each enforcement Profile, you set a Device Group List to which the profile applies to.



    ------------------------------
    Bruce Osborne ACCP ACMP
    Liberty University

    The views expressed here are my personal views and not those of my employer
    ------------------------------