Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Data IP or Management IP?

This thread has been viewed 2 times

  • 1.  Data IP or Management IP?

    Posted Sep 07, 2018 03:49 PM

    Was curious what the best practice is for what IP to use for NAS devices utilizing ClearPass for authentication:  the Management IP or the Data/External IP?  

    I have all of our devices pointing at the Management IP for several years now, however the managment IP will be changing soon.  I was curious if I could simply point NAS devices at the Data IP and be done. (Data IP is on completely different subnet than the Managment IP....both are reachable from entire environment).

     



  • 2.  RE: Data IP or Management IP?
    Best Answer

    EMPLOYEE
    Posted Sep 07, 2018 08:44 PM
    We recommend using a single interface for all traffic.


  • 3.  RE: Data IP or Management IP?
    Best Answer

    MVP
    Posted Sep 09, 2018 09:33 PM
    A few things I learned the hard way: 1. All traffic, except traffic sourced from the same subnet as the MGMT interface, will be routed out the DATA interface. 2. Having a single interface is much easier 3. The routing table in CPPM can be adjusted to fit your needs. 4. if you want both, I believe the DATA interface is designed to handle requests, unless you have a flat network, then it wouldnt really matter. 5. The DATA interface is not designed as a DMZ link for Guest traffic, although it was a common request in my experience. hope they help


    #AirheadsMobile


  • 4.  RE: Data IP or Management IP?

    Posted Sep 10, 2018 10:35 AM

    Thank you both for your suggestions.  I will be migrating to the single data interface and call it a day.  Thanks again.