MVP Expert

Colorless ports and dynamic VLANs

Hi everyone,

After I saw a webinar about ClearPass together with the colorless ports technology, I wonder what the difference is between using colorless ports (and only colorless ports, no port-tunnel mode or per-user tunnel mode, which introduce other benefits) and using dynamic VLANs on the switches. Is colorless ports like dynamic VLANs + profiling? I mean, I can use a RADIUS server to push a specific VLAN and ACL to the switch based on the user credentials, although I cannot make decisions based on the type of device because a RADIUS server cannot do profiling. Is that the difference?

Regards,
Julián

Accepted Solutions

Re: Colorless ports and dynamic VLANs

Yes, that's correct. The colorless port concept relies on device profiling to return the appropriate VLAN/policy. All ports will have the same config (colorless) and, based on the device type connected (AP, IP camera, printer), the NAC (ClearPass) will return the appropriate VLAN/role.

JayBee
ACDX | ACCX| CCIE (RnS/SP,DC) | ACCP | ACMP | ACSA | ACMA | CWNA | JNCIS | JNCIA
If the provided solution resolves your issue, please mark it as accepted solution to help others.


All Replies

MVP Expert

Re: Colorless ports and dynamic VLANs

Hi,

Then, if I didn't need profiling, for example, all users with PCs authenticated with credentials, I could use a RADIUS server to return the VLAN/policy to each. The drawback I see with this is that it is more difficult to configure a RADIUS server for this (i.e. NPS) and maybe the RADIUS server doesn't have many policy features even if they are supported by the switch vendor, for example, RADIUS timeout, bandwidth contract, etc. Please let me know your comments or if I am skipping something.

Regards,

Julián

Moderator

Re: Colorless ports and dynamic VLANs

Colorless ports is really an experience you get from a policy engine like ClearPass, not a basic RADIUS server like NPS.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

MVP Expert

Re: Colorless ports and dynamic VLANs

Yes,

I understand that Colorless ports = 802.1X + MAC Auth + Profiling. I can use a RADIUS server to return a policy based on 802.1X and MAC Auth, but not based on profiling.

Regards,

Julián

Moderator

Re: Colorless ports and dynamic VLANs

Please keep in mind that “colorless ports” is not a feature. It’s just a way to express an experience.


| Aruba Alumni | @timcappalli | timcappalli.me |
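
The distinction discussed in this thread, as an added example that is not part of any post and is not ClearPass or NPS code: the same port-access request is decided once from credentials or a static MAC list only, and once with a profiled device category. The VLAN numbers, group names, device categories and MAC addresses are constructed assumptions; the tunnel attribute values are the standard RFC 3580 ones for dynamic VLAN assignment.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical VLAN plan (assumption, not taken from the thread).
VLAN_BY_CATEGORY = {"access-point": 10, "ip-camera": 20, "printer": 30}
VLAN_BY_GROUP = {"staff": 100, "contractor": 110}
QUARANTINE_VLAN = 999  # fail-closed default for anything unrecognised


@dataclass
class AuthRequest:
    method: str                              # "dot1x" or "mac-auth"
    identity: str                            # username or MAC address
    group: Optional[str] = None              # directory group of an 802.1X user
    profiled_category: Optional[str] = None  # known only if a profiler saw the device


def vlan_attributes(vlan_id: int) -> dict:
    """RFC 3580 attributes a switch reads for dynamic VLAN assignment."""
    return {"Tunnel-Type": 13,               # VLAN
            "Tunnel-Medium-Type": 6,         # IEEE-802
            "Tunnel-Private-Group-ID": str(vlan_id)}


def decide(req: AuthRequest, known_macs: dict, use_profiling: bool) -> dict:
    """Return the Access-Accept attributes for one request on a colorless port."""
    if req.method == "dot1x":
        # Credentials identify the user, so profiling is not needed here.
        return vlan_attributes(VLAN_BY_GROUP.get(req.group, QUARANTINE_VLAN))
    if use_profiling:
        # Policy engine: the profiled device type selects the VLAN.
        vlan = VLAN_BY_CATEGORY.get(req.profiled_category, QUARANTINE_VLAN)
        return vlan_attributes(vlan)
    # Basic RADIUS server: MAC auth can only match a manually kept list.
    return vlan_attributes(known_macs.get(req.identity, QUARANTINE_VLAN))


def demo() -> dict:
    """Constructed sample: one listed printer, one camera nobody has listed yet."""
    known = {"aa:bb:cc:00:00:01": 30}
    camera = AuthRequest("mac-auth", "aa:bb:cc:00:00:02", profiled_category="ip-camera")
    user = AuthRequest("dot1x", "julian", group="staff")
    vid = "Tunnel-Private-Group-ID"
    return {"camera_basic": decide(camera, known, False)[vid],
            "camera_profiled": decide(camera, known, True)[vid],
            "user_basic": decide(user, known, False)[vid],
            "user_profiled": decide(user, known, True)[vid]}


if __name__ == "__main__":
    print(demo())
```

The 802.1X user lands in the same VLAN either way, while the unlisted camera is quarantined without profiling and placed in the camera VLAN with it.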
