Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Block Traffic between clients - allow only routed traffic

  • 1.  Block Traffic between clients - allow only routed traffic

    Posted Nov 12, 2019 02:32 AM

    Hi,


    I put some kinds of wired devices in a separate VLAN via ClearPass.

    - The devices are connected to Aruba/ProCurve switches.

    - They are all in the same Class-C IP Subnet


    How can I manage that they can't talk to each other in this network? They should only talk to routed traffic from other networks (managed by firewall policies).


    Is there a way by dynamic ACLs or other solutions?


    Regards,

    Tobi



  • 2.  RE: Block Traffic between clients - allow only routed traffic

    Posted Nov 12, 2019 06:14 AM

    You can configure it using port isolation on access ports.



  • 3.  RE: Block Traffic between clients - allow only routed traffic

    Posted Nov 13, 2019 12:34 PM

    I've been wondering about this too, so I tried it with ClearPass 6.8.3. It seems it's not really possible to do, at least from the GUI editor. There is no way to specify a source IP in classes. I was hoping to create two rules: first to block from 10.0.0.0/24 to 10.0.0.0/24, and then allow everything else.


    Maybe if you do generic RADIUS profile and manually write everything it might work, but that would be quite hard to manage...


    The "other" solution is to have at least a 2930F and a controller, and use dynamic segmentation.
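An added illustration, not part of any post in this thread: the two-rule ACL reply 3 describes (deny to the client subnet, then permit everything else), written in the destination-only rule style that ProCurve switches accept in a RADIUS-assigned ACL and evaluated first-match against a few constructed flows. The rule syntax, the attribute name (HP-Nas-Filter-Rule) and the implicit trailing deny are assumptions to verify against the switch's own documentation before relying on them.

```python
"""Added example (not from the thread): first-match evaluation of
RADIUS-assigned ACL rules in an assumed ProCurve-style dialect,
checked against constructed flows from a client in 10.0.0.0/24."""
import ipaddress
import re

# ACL a ClearPass enforcement profile would return in the Access-Accept
# (assumed attribute: HP-Nas-Filter-Rule, one rule per attribute value).
# The source is always the authenticating client, so only the destination
# is written; order matters because evaluation stops at the first match.
RULES = [
    "deny in ip from any to 10.0.0.0/24",  # no client-to-client traffic
    "permit in ip from any to any",        # everything else leaves via the router
]

RULE_RE = re.compile(r"^(permit|deny) in (\S+) from any to (\S+)(?: (\d+))?$")

def parse_rule(rule):
    m = RULE_RE.match(rule)
    if not m:
        raise ValueError(f"unsupported rule: {rule!r}")
    action, proto, dst, port = m.groups()
    dst_net = None if dst == "any" else ipaddress.ip_network(dst, strict=False)
    return action, proto, dst_net, (int(port) if port else None)

def evaluate(rules, proto, dst_ip, dst_port=None):
    """Verdict for one client-originated packet; unmatched traffic is
    denied (assumed implicit deny at the end of the list)."""
    dst = ipaddress.ip_address(dst_ip)
    for action, r_proto, r_net, r_port in map(parse_rule, rules):
        if r_proto not in ("ip", proto):
            continue
        if r_net is not None and dst not in r_net:
            continue
        if r_port is not None and r_port != dst_port:
            continue
        return action
    return "deny"

# Constructed flows from a client at 10.0.0.10.
FLOWS = [
    ("tcp", "10.0.0.11", 445),       # peer in the same VLAN: must be denied
    ("tcp", "192.168.50.20", 443),   # routed to another subnet: permitted
    ("udp", "255.255.255.255", 67),  # DHCP discover: outside 10.0.0.0/24, permitted
]

def check_flows(rules=RULES, flows=FLOWS):
    return [evaluate(rules, p, ip, port) for p, ip, port in flows]

if __name__ == "__main__":
    for flow, verdict in zip(FLOWS, check_flows()):
        print(flow, "->", verdict)
```

Reversing the two rules permits everything, which is the ordering mistake to test for when building the profile. An IP ACL also leaves non-IP frames such as ARP untouched, which is the gap that the port-isolation suggestion in reply 2 covers at Layer 2.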