Occasional Contributor I

Re: ClearPass Solutions Guide: Wired Policy Enforcement

I have a question about profiling, e.g. DHCP fingerprinting. Does the IP helper address need to be set up on each and every single edge switch or just the core/distribution switch? For example, if I want to set up a deadend VLAN for profiling, does this VLAN need to be L3 (I would assume so)? But does that also mean this VLAN needs to be L3 on each (downstream) edge switch, or would L2 work?

Guru Elite

Re: ClearPass Solutions Guide: Wired Policy Enforcement

Generally it would be added to the client's gateway interface. In an L2 environment, that's commonly at the distribution layer. In an L3 environment, it's at the edge switch.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Guru Elite

Re: ClearPass Solutions Guide: Wired Policy Enforcement

Team,

This document has been updated (v2017-02) to include the new ArubaOS-Switch 16.04 features: Downloadable User Roles and Per-User Tunneled-Node.

The original post at the top has been updated.

Enjoy!


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

Contributor II

Re: ClearPass Solution Guide: Wired Policy Enforcement

On pg. 29, for Endpoint:Guest Role EQUALS AD-User, what do I need set up already to get something like that to work?

I can't use my normal Authorization:Active Directory:memberof instead here, can I?

I don't think I'm using the Device Role IDs really anywhere in my setup.

MVP Expert

Re: ClearPass Solution Guide: Wired Policy Enforcement

I found this guide mere minutes before my call with my Aruba Sales Team to discuss expanding our use of CPPM into wired policy enforcement.

As usual your timing is excellent as is your advice.

Thanks!

(do you want me to PM you any errors/typos?)

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
Occasional Contributor II

Re: ClearPass Solution Guide: Wired Policy Enforcement

Awesome document! I'm about to do this with a customer nearly exactly the same as the document (802.1x with MAC and Captive Portal as last resort). The

Is there anywhere we can get the ClearPass configuration template (Service, roles, enforcement profiles) so I can modify that rather than spend hours making something similar? I had a look on the solutions exchange but no luck.

Guru Elite

Re: ClearPass Solution Guide: Wired Policy Enforcement

We're looking at enhancing the service templates in the future to more closely align with these types of solutions, but unfortunately nothing to share right now.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

Frequent Contributor I

Re: ClearPass Solution Guide: Wired Policy Enforcement

Hi Tim,

First of all, thanks for creating this document, very useful. Is this the latest version of the document, or are there any newer revisions? Thanks.

NesaM

Regards,
NesaM --ACMP, ACCP, ACDP, CWNA--
Guru Elite

Re: ClearPass Solution Guide: Wired Policy Enforcement

Yes, it's the latest. The link in the thread is updated as new versions are released. Next one is due in the next month or so.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

Frequent Contributor I

Re: ClearPass Solution Guide: Wired Policy Enforcement

Thanks Tim!

Regards,

NesaM

Regards,
NesaM --ACMP, ACCP, ACDP, CWNA--