Frequent Contributor I

Re: ClearPass Solution Guide: Wired Policy Enforcement

"Doesn't need to be default gw of the client though so we've just set up a quarantine network where the switches have an IP"

So did you use the switch "vlan 1" or management IP to accomplish this?

Marcelo Lew
Wireless Network Architect-Engineer
University of Denver
Frequent Contributor I

Re: ClearPass Solution Guide: Wired Policy Enforcement

Hi!

We added a quarantine VLAN. The VLAN is the one you assign an unauthorized client on first connecting to the switch. Add an IP on the switch on that VLAN (we used DHCP to avoid too much work :) ). And then the switch will redirect the client upon connecting to the switch.

So if you want to use vlan5 for unauthorized clients before they log in to the guest network, then set an IP address on the switch on vlan5.


ACMP | ACCP
New Contributor

Re: ClearPass Solution Guide: Wired Policy Enforcement

The Wired Policy Enforcement Guide was helpful. Is there a Wireless Policy Enforcement Guide available for download?

Re: ClearPass Solution Guide: Wired Policy Enforcement

Hi,

You can download all CPPM technotes guides from the location below:

https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Default.aspx?EntryId=7961

Regards,
Pavan
If my post addresses your queries, give kudos and accept as solution!
New Contributor

Re: ClearPass Solution Guide: Wired Policy Enforcement

Appreciate this guide, though am I the only one missing something or being confused with the steps?

On page 27 for example, should those role definitions already be created?

Likewise on page 28, for the enforcement profiles?

Or are they being created during the enforcement policy setup as shown on page 28?

It's the same query for roles and enforcement on pages 34 and 35.

Appears to be a large gap in the guide if so?

Thanks

Tim

Guru Elite

Re: ClearPass Solution Guide: Wired Policy Enforcement

They’re examples. The document is meant to provide example configurations that you can adapt to your environment. It’s not designed to copy 1:1.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor I

Re: ClearPass Solution Guide: Wired Policy Enforcement

Hi Tim,

Question about the DUR function for an ArubaOS switch. When we use normal VSA we can configure a port as a port-based instead of a user-based port. So the first device opens the port and the devices behind don't need to authenticate. Also features such as changing port speeds and so on. Is there any info about these things?

----------------------------------------------------------------------------------------
Aruba ACCX #749, ACDX #793, ACMP, ACEAP | HPE Master AS

contact: thierry.lubbers@axez.nl
New Contributor

Re: ClearPass Solution Guide: Wired Policy Enforcement

Thanks for the reply.

The walk through certainly helped.

My issue is, for the 802.1x service, I cannot seem to get the authorization and enforcement working correctly.

The 802.1x service works and assigns the correct vlan.

Though that only happens if the default profile is set as the enforcement policy I wish to enforce for the domain group.

I'm wanting to simply ensure users of a particular domain group are enforced.

Any thoughts would be appreciated!

Contributor I

Re: ClearPass Solution Guide: Wired Policy Enforcement

Any update on Cisco IBNS 2.0/IOS-XE/Denali+?

Occasional Contributor II

Re: ClearPass Solution Guide: Wired Policy Enforcement

Hello all,

I've run into a limitation on 2930F switches with local user-roles. When I try to define a new user-role I get the following error:

"The maximum number of local user roles allowed is 32".

This is a big problem since our customer is using more than 32 VLANs on their access layer. I personally don't want to go back to the days of having to manually configure a port so I'm working with support to get this resolved. Also posting here since I didn't find this particular limit anywhere in docs or community posts.

I'm considering trying downloadable user roles if it allows me to add more than 32 user-roles to the switches, but I don't know if that'll let me pass the limitation. More testing required ;-)
