Security

last person joined: 18 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

CPPM Management and Data Interfaces

This thread has been viewed 6 times

  • 1.  CPPM Management and Data Interfaces

    Posted Jun 30, 2020 03:19 AM

    I have current management interface with cppm that i am using. Can I use same interface for the NAD <---> CPPM communication?

     

    I see there is data interface and it needs a different subnet - what is it used for?

     

    is it necessary to have one? 



  • 2.  RE: CPPM Management and Data Interfaces
    Best Answer

    EMPLOYEE
    Posted Jun 30, 2020 03:31 AM

    Hi,

     

    In brief, it is easier & more common to deploy ClearPass with a single management interface. The data interface is optional while the management interface is mandatory.

     

    Yes you can use the mgmt interface for NAD-->CPPM communication.

     

    If you really want to check more details about the data interface, check this document https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_ViewDetails/Default.aspx?EntryId=14011



  • 3.  RE: CPPM Management and Data Interfaces
    Best Answer

    EMPLOYEE
    Posted Jun 30, 2020 06:13 AM

    Further to ayman_mukaddam's great response... The Data Port would commonly be used for Guest traffic if you didn't want 'Guests' to have access to the Mgmt Port IP.

     

    It might be worth reading the following documents to understand how the two ports work and how best to harden the ClearPass appliance if you need to:

    CPPM Service Routing TechNote - V3

    ClearPass_Deployment-Guide_Hardening_Guide_v2018-07.pdf



  • 4.  RE: CPPM Management and Data Interfaces

    Posted Jun 30, 2020 06:49 AM

    Thank u