Security

Reply
Frequent Contributor II

Data IP or Management IP?

Was curious what the best practice is for what IP to use for NAS devices utilizing ClearPass for authentication:  the Management IP or the Data/External IP?  

I have all of our devices pointing at the Management IP for several years now, however the managment IP will be changing soon.  I was curious if I could simply point NAS devices at the Data IP and be done. (Data IP is on completely different subnet than the Managment IP....both are reachable from entire environment).

 

Highlighted
Guru Elite

Re: Data IP or Management IP?

We recommend using a single interface for all traffic.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
MVP Expert

Re: Data IP or Management IP?

A few things I learned the hard way: 1. All traffic, except traffic sourced from the same subnet as the MGMT interface, will be routed out the DATA interface. 2. Having a single interface is much easier 3. The routing table in CPPM can be adjusted to fit your needs. 4. if you want both, I believe the DATA interface is designed to handle requests, unless you have a flat network, then it wouldnt really matter. 5. The DATA interface is not designed as a DMZ link for Guest traffic, although it was a common request in my experience. hope they help


#AirheadsMobile


Michael Haring
If my answer is helpful, a Kudos is always appreciated!
Frequent Contributor II

Re: Data IP or Management IP?

Thank you both for your suggestions.  I will be migrating to the single data interface and call it a day.  Thanks again. 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: