Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass - Cisco wired, any version dependancy?

This thread has been viewed 1 times

  • 1.  Clearpass - Cisco wired, any version dependancy?

    EMPLOYEE
    Posted Oct 20, 2015 03:29 AM

    Looking to do a Clearpass with Cisco wired dot1x and onguard.  There will also be some voip phones etc.

     

    Just wondering if there is any version dependancy on the Cisco?  I see the latest documentation says "tested using 12.2(55) SE7", but not clear if that is an actual dependancy.

     

    The customer has a mixture of 12.2(53) SE2 and 12.2(55) SE5.  Are these versions fine?



  • 2.  RE: Clearpass - Cisco wired, any version dependancy?

    EMPLOYEE
    Posted Oct 20, 2015 04:09 AM
    It is based on what you are trying to do, .1x, MAC auth and Captive portal. There are also bugs that have been seen on certain IOS versions. That is why we recommend certain version.


  • 3.  RE: Clearpass - Cisco wired, any version dependancy?

    EMPLOYEE
    Posted Oct 20, 2015 04:16 AM

    Dot1x for computers with Onguard.  Phones and printers with a mac-auth, and the PC plugged into them doing a dot1x.  No captive portal.



  • 4.  RE: Clearpass - Cisco wired, any version dependancy?

    Posted Oct 20, 2015 06:05 AM
    The reason Troy mentioned that you might need captive portal is because you may need to redirect the user to page inform that the device is not compliant or redirect a non-domain laptop to download the persistent agent.


  • 5.  RE: Clearpass - Cisco wired, any version dependancy?

    Posted Oct 20, 2015 06:48 AM
    It also depends on the platform. I discovered a Cisco dot1x bug recently on the 4500 series that took them over six months to fix