Security

Hi,

 

I have four Aruba 7220 controllers in cluster with VRRP on each controller plus VRRP IP for "aruba-master" for new APs. Everything managed from Mobility Master.

 

Client AD authentication - Do I need to setup four 802.1x Services on ClearPass server to get 802.1x work or can I use only one service there I have all four controllers together, in same service?

 

What is a best-practice?

In most cases one service for wireless 802.1X should be fine



Thank you

Victor Fabian

Pardon typos sent from Mobile

Thanks for your fast reply!

 

Well, that's what I tried to do but...

 

I have APs and clients on all four Aruba controllers which means that authentications request coming from all four controllers. And as 802.1x service is build I can't have a NAD-gruop only one MD per service, or? 

See attached file.

 

How you guys do with authentications coming from Aruba Cluster and from different controllers?

You can create a device attribute under configuration > network devices > attribute tab > device (device type or device id) and then you can include that in the service

Sent from Mail for Windows 10

I would choose one of the following options:

 

1. Configure a device group under Configuration >> Network >> Device Group and match the device group in the service 
2. Use a regular expression in the service

Check the screenshot for an example

 

 

Just put all the controller IPs in one NAD group. Also keep in mind that using NAS groups is optional.