Regular Contributor I

CPPM authentication forward

I have two seperate CPPM clusters.  One for corp and BYOD authentications/Onboarding and another for Guest provisioning and authentication.  For security reasons our guest cluster is in a dedicated DMZ.  I am wanting to put together a lab to demo NAC authentication with dACL's to some Cisco switches that allow guest and corp users to plug into the same network.  I also want to do NAC authentication of corp and guest users on Aruba switches and put then into roles based on who they are.  I have a decent idea of how to do all this except one part.


If a guest user plugs into the Cisco switches and the ports are set up to validate who you are to the NAC CPPM servers and lets CPPM knows you are not a corp user then the dACL pushed to the switch will give you rights to what???  How can I make the Cisco port look like an untrusted aruba port so the user has to authenticate to my CPPM guest servers?  I would have a requirement to make the user authenticate to the Guest CPPM captive portal page still.  Any way to make this work?

Guru Elite

Re: CPPM authentication forward

You would use an AV-Pair with the redirect URL and ACL.



| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
Showing results for 
Search instead for 
Did you mean: