Security

Reply
Frequent Contributor II

ClearPass wired 802.1x use local vlan on switch?

After reviewing the ClearPass 802.1x wired template, it looks like to implement 802.1x we must assign a vlan to a user once they authenticate.  In most configuration guides, this is called a dACL.  For example (https://community.arubanetworks.com/aruba/attachments/aruba/tkb@tkb/223/1/Cisco%20Switch%20Setup%20with%20CPPM-v1.2.pdf) indicates this behavior under the Section 3 802.1x Service Setup.

 

I would like to have users authenticate with 802.1x wired, but use the vlans that are already assigned on the port.  Is this possible?

rwin = 0
Guru Elite

Re: ClearPass wired 802.1x use local vlan on switch?

Yes, just send back an accept.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Frequent Contributor II

Re: ClearPass wired 802.1x use local vlan on switch?

Can you point me to a guide that details how to do that with an enforcement policy?

 

2018-02-27-sea-policy.PNG

Is there an option above that I should be sending back specifically?

rwin = 0
Guru Elite

Re: ClearPass wired 802.1x use local vlan on switch?

Use the pre-built [Allow Access Profile] which just returns an ACCESS-ACCEPT.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Frequent Contributor II

Re: ClearPass wired 802.1x use local vlan on switch?

Thank you! This worked great.

rwin = 0
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: