
Colorless ports and dynamic VLANs

Hi everyone,

After I saw a webinar about ClearPass together with the colorless ports technology, I wonder what is the difference between using colorless ports (and only colorless ports, no port-tunnel mode or per-user tunnel mode which introduce other benefits) and using dynamic VLANs on the switches? Is colorless ports like dynamic VLANs + profiling? I mean, I can use a RADIUS server to push a specific VLAN and ACL to the switch based on the user credentials, although I cannot make decisions based on the type of device because a RADIUS server cannot do profiling. Is that the difference?

Regards,
Julián
MVP

Re: Colorless ports and dynamic VLANs

Yes, that's correct. The colorless port concept relies on device profiling to return the appropriate VLAN/policy. All ports will have the same config (colorless) and, based on the device type connected (AP, IP camera, printer), the NAC (ClearPass) will return the appropriate VLAN/role.

JayBee
ACDX | ACCX| CCIE (RnS/SP,DC) | ACCP | ACMP | ACSA | ACMA | CWNA | JNCIS | JNCIA
If the provided solution resolves your issue, please mark it as accepted solution to help others.

Re: Colorless ports and dynamic VLANs

Hi,

Then, if I didn't need profiling, for example, all users with PCs authenticated with credentials, I could use a RADIUS server to return the VLAN/policy to each. The drawback I see with this is that it is more difficult to configure a RADIUS server for this (i.e. NPS), and maybe the RADIUS server doesn't have many policy features even if they are supported by the switch vendor, for example, RADIUS timeout, bandwidth contract, etc. Please let me know your comments or if I am skipping something.

Regards,

Julián

Guru Elite

Re: Colorless ports and dynamic VLANs

Colorless ports is really an experience you get from a policy engine like ClearPass, not a basic RADIUS server like NPS.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.

Re: Colorless ports and dynamic VLANs

Yes,

I understand that Colorless ports = 802.1X + MAC Auth + Profiling. I can use a RADIUS server to return a policy based on 802.1X and MAC Auth, but not based on profiling.

Regards,

Julián
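The distinction discussed in this thread, as an added example that is not part of any post and is not ClearPass or NPS code: an identity-only RADIUS decision next to one that also uses the profiled device category, both returning the RFC 3580 dynamic-VLAN attributes for the same identically configured port. All VLAN IDs, group names, device categories and function names are constructed for illustration.

```python
# Added illustration; not ClearPass or NPS code. VLAN IDs, group names and
# device categories below are constructed sample values.
from dataclasses import dataclass
from typing import Optional

USER_VLANS = {"staff": 10, "contractor": 20}   # keyed by directory group
DEVICE_VLANS = {"access-point": 30, "ip-camera": 40, "printer": 50}
MAC_AUTH_VLAN = 90      # one VLAN for every known MAC when no profile is used
QUARANTINE_VLAN = 999   # unknown or unprofiled endpoints

@dataclass
class AuthRequest:
    method: str                    # "dot1x" or "mac-auth"
    group: Optional[str] = None    # directory group for 802.1X users
    mac_known: bool = False        # MAC present in the endpoint database
    profile: Optional[str] = None  # device category from profiling, if any

def vlan_attributes(vlan_id: int) -> dict:
    """RADIUS attributes for dynamic VLAN assignment (RFC 3580)."""
    return {"Tunnel-Type": "VLAN",             # attribute value 13
            "Tunnel-Medium-Type": "IEEE-802",  # attribute value 6
            "Tunnel-Private-Group-ID": str(vlan_id)}

def basic_radius(req: AuthRequest) -> dict:
    """Identity-only decision: 802.1X group or known MAC, no device type."""
    if req.method == "dot1x" and req.group in USER_VLANS:
        return vlan_attributes(USER_VLANS[req.group])
    if req.method == "mac-auth" and req.mac_known:
        return vlan_attributes(MAC_AUTH_VLAN)
    return vlan_attributes(QUARANTINE_VLAN)

def policy_engine(req: AuthRequest) -> dict:
    """Same inputs plus the profiled category for MAC-auth endpoints."""
    if req.method == "mac-auth" and req.profile in DEVICE_VLANS:
        return vlan_attributes(DEVICE_VLANS[req.profile])
    if req.method == "mac-auth":
        return vlan_attributes(QUARANTINE_VLAN)  # unprofiled: restrict
    return basic_radius(req)

def compare(req: AuthRequest) -> tuple:
    """VLAN each decision model assigns on the same colorless port."""
    return (basic_radius(req)["Tunnel-Private-Group-ID"],
            policy_engine(req)["Tunnel-Private-Group-ID"])
```

For a camera and a printer that both pass MAC auth, `compare` shows the identity-only model placing them in the same VLAN while the profiling-aware model separates them.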

Guru Elite

Re: Colorless ports and dynamic VLANs

Please keep in mind that “colorless ports” is not a feature. It’s just a way to express an experience.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.