Security

Reply
Occasional Contributor II

Re: Dual Port IP Phone

Herman,

 

i've already working with TAC. case #: 5325370422 

 

I think it would be easier if I just remove any VLAN pushing in the enforcement profile and just follow any VLAN in the port being connected to.

 

by doing this way, I could prevent any VLAN changing and stick to the same VLAN based on the port configuration.

 

quick question, my end user suddenly asked for social login with wired port. that means, we can authenticate the user using social login when web redirection happens

 

is this possible?

MVP Guru

Re: Dual Port IP Phone

Yes, social login would work on wired as well, however, depending on the cloud authentication provider, you will need to allow (whitelist) access to the login service of that provider (see https://github.com/aruba/clearpass-cloud-service-whitelists for what you need to whitelist). As of today, the switches only allow you to put IP addresses in there (as far as I know), which makes it challenging to allow the right traffic while blocking (most) everything else.

 

If you have an Aruba controller or NextGen firewall that works with ClearPass Exchange, you might be able to find a way to filter the traffic there.

 

Maybe someone on this forum has experience with Social Logon on wired?

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Highlighted
Occasional Contributor II

Re: Dual Port IP Phone

Herman,

 

yeah this one can only be done with integration of the aruba controller by using Per User Tunnel Node method as the switch wont be able to do whitelist base on domain name.

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: