Security

Reply
Guru Elite

ClearPass Solution Guide: Wired Policy Enforcement

Team Aruba,

 

We’re happy to announce an update to the ClearPass Solution Guide for Wired Policy Enforcement. Version 2018-01 adds OnConnect for Comware 7 (added in ClearPass 6.7.1), changes for ClearPass 6.7 and some overall tweaks and updates.

 

2018-01 Release Notes:

  • Major Updates
    • [CW7] Added ClearPass OnConnect section
    • [CW7] Updated dynamic authorization references to use new H3C templates in 6.7

 

  • Minor Updates
    • [AOS-S] corrected ordering of some commands
    • [AOS-S] added addr-limit config
    • [AOS-S] added SNMP server trap source
    • [AOS-S] updated DUR section to include standard mode added in 6.7
    • [AOS-S] updated web auth service to use new page name attribute added in 6.7
    • [Cisco] Added note about LAN base image
    • [Cisco] updated web auth service to use new page name attribute added in 6.7
    • [CW7] updated web auth service to use new page name attribute added in 6.7

 

Updated Document Summary:

  • Wired enforcement options and technologies
  • ArubaOS-Switch configurations:
    • Colorless port: 802.1X, MAC Auth, Captive Portal with local and downloadable user roles
    • OnConnect
    • Per-Port Tunneled-Node (PPTN)
    • Per-User Tunneled-Node (PUTN)
  • Comware 7 configuration:
    • Colorless port: 802.1X, MAC Auth, Captive Portal
    • OnConnect
  • Cisco IOS 12.x/15.x (IBNS 1.0) configuration:
    • Colorless port: 802.1X, MAC Auth, Captive Portal
    • OnConnect

 

 

Document Link (v2017-02): ClearPass_Solution-Guide_Wired-Policy-Enforcement_v2018-01.pdf

 

Future releases to include: 

  • Cisco IOS-XE 'Denali' (16.x) with IBNS 2.0
  • Juniper EX

Enjoy

 

- Aruba Security Team


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
TQ
Occasional Contributor I

Re: ClearPass Solutions Guide: Wired Policy Enforcement

Thank you very much for this guide.

So i can use this guide to use cisco switch and CPPM for wired guest captive portal services?

 

Cisco switch: Catalyst 3560-CX series (version: 15.2(4)E2)

CPPM: running on VM using trial license (90 days)

 

Cheers

Tariq

Guru Elite

Re: ClearPass Solutions Guide: Wired Policy Enforcement

Yes.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor I

Re: ClearPass Solutions Guide: Wired Policy Enforcement

Hi, Tim 

 

Great doccument.

Question you tested with the 5510_HI_7.10.R1308. 

Is the COA already supported here (5510 HI)?

I really need this.

 

 

----------------------------------------------------------------------------------------
Aruba ACCX #749, ACDX #793, ACMP, ACEAP | HPE Master AS

contact: thierry.lubbers@axez.nl
Guru Elite

Re: ClearPass Solutions Guide: Wired Policy Enforcement

Yes, as mentioned in the doc:

 

This configuration has been tested on the HPE 5130EI, 5130HI and 5510HI.

The minimum versions of  Comware 7 required for this configuration are:

5130_EI_7.10.R3113P02

5130_HI_7.10.R1308
• 5510_HI_7.10.R1308


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
TQ
Occasional Contributor I

Re: ClearPass Solutions Guide: Wired Policy Enforcement

Thanks,

 

In document it says:

"Configuring a self-registration workflow in Guest is outside the scope of the document"

 

Can I get a link to above so that I can complete rest of configuration?

Guru Elite

Re: ClearPass Solutions Guide: Wired Policy Enforcement

http://www.arubanetworks.com/techdocs/ClearPass/6.6/Guest/Default.htm#Configuration/CustomizingSelfProvisionedAccess.htm%3FTocPath%3DConfiguration%7CPages%7CCustomizing%2520Guest%2520Self-Registration%7C_____0

 


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
TQ
Occasional Contributor I

Re: ClearPass Solutions Guide: Wired Policy Enforcement

Thanks Tim,

I followed this guide for CleasPass:Web Authentication section and configured my test CPPM as such. I configured guest page and Cisco switch.

 

I am getting below error:

===

Error Code:

204

Error Category:

Authentication failure

Error Message:

Failed to classify request to service

 Alerts for this Request  

RADIUSService Categorization failed
Guru Elite

Re: ClearPass Solutions Guide: Wired Policy Enforcement

Did you configure the Guest side?


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
TQ
Occasional Contributor I

Re: ClearPass Solutions Guide: Wired Policy Enforcement

yes I did, not sure if I have missed something. 

I followed link you posted for guest configuration.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: