Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

CLearpass 2920 Aruba switch and Polycom IP phone

This thread has been viewed 0 times

  • 1.  CLearpass 2920 Aruba switch and Polycom IP phone

    Posted Oct 10, 2016 05:01 AM

    Hello,

     

    I want to use clearpass to authenticated my Polycom IP phone on a aruba 2920 switch.  I uses MAC-based with a staic host list

     

    Seen from clearpass this works, the richt vlans are send.

    But the phone doens'n works. No IP adress.

     

    What we see by whireshark is that the LLDP trigger for the richt VLAN tag is asked by the Phone only the switch doesn't react becauses the authentication is done later. So it looks like a timing issue.



  • 2.  RE: CLearpass 2920 Aruba switch and Polycom IP phone

    Posted Oct 11, 2016 11:22 AM

    I tested futher,

     

    With a Cisco IP telefoon it works fine with LLDP.

     

    For the Polycom i need to enable CDP to get it to work.

    Not what i want.

    Or send a tagged and untagged vlan through clearpass and use the DHCP option to get the VLAN tag.

    Also Not what i want.

     

    Anybody an idea how to get LLDP for the Polycom to get to work?



  • 3.  RE: CLearpass 2920 Aruba switch and Polycom IP phone
    Best Answer

    Posted Jan 24, 2017 09:36 AM

    The problem was/is the switch firmware.

    When authentication was enabled on the interfaces LLDP packets where not distributetd anymore.

     

    This is solved in WB.16.02.0015.

    NOT the WB.16.03.0003