Security

Reply
Highlighted
Contributor I

ClearPass 802.1x service for Aruba Cluster

Hi,

 

I have four Aruba 7220 controllers in cluster with VRRP on each controller plus VRRP IP for "aruba-master" for new APs. Everything managed from Mobility Master.

 

Client AD authentication - Do I need to setup four 802.1x Services on ClearPass server to get 802.1x work or can I use only one service there I have all four controllers together, in same service?

 

What is a best-practice?


Accepted Solutions
Highlighted
Guest Blogger

Re: ClearPass 802.1x service for Aruba Cluster

I would choose one of the following options:

 

  1. Configure a device group under Configuration >> Network >> Device Group and match the device group in the service 
  2. Use a regular expression in the service

Check the screenshot for an example

 

 

@rene_booches | AMFX #26, ACMX #438, ACCX #725, ACDX #760, CCNP R&S, CEH | Co-owner/Solution Specialist@4IP / blog owner@booches.nl

View solution in original post


All Replies
Highlighted
MVP Expert

Re: ClearPass 802.1x service for Aruba Cluster

In most cases one service for wireless 802.1X should be fine



Thank you

Victor Fabian

Pardon typos sent from Mobile
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Highlighted
Contributor I

Re: ClearPass 802.1x service for Aruba Cluster

Thanks for your fast reply!

 

Well, that's what I tried to do but...

 

I have APs and clients on all four Aruba controllers which means that authentications request coming from all four controllers. And as 802.1x service is build I can't have a NAD-gruop only one MD per service, or? 

See attached file.

 

How you guys do with authentications coming from Aruba Cluster and from different controllers?

Highlighted
Moderator

Re: ClearPass 802.1x service for Aruba Cluster

Just put all the controller IPs in one NAD group. Also keep in mind that using NAS groups is optional.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
MVP Expert

Re: ClearPass 802.1x service for Aruba Cluster

You can create a device attribute under configuration > network devices > attribute tab > device (device type or device id) and then you can include that in the service

Sent from Mail for Windows 10
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Highlighted
Guest Blogger

Re: ClearPass 802.1x service for Aruba Cluster

I would choose one of the following options:

 

  1. Configure a device group under Configuration >> Network >> Device Group and match the device group in the service 
  2. Use a regular expression in the service

Check the screenshot for an example

 

 

@rene_booches | AMFX #26, ACMX #438, ACCX #725, ACDX #760, CCNP R&S, CEH | Co-owner/Solution Specialist@4IP / blog owner@booches.nl

View solution in original post

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: