Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Endpoint Profiling IAPs

  • 1.  Endpoint Profiling IAPs

    Posted May 24, 2018 01:55 AM

    Has anybody successfully been able to profile IAPs using a separate management VLAN and user VLAN using a MAC Auth service?

    I am able to profile the IAP and return an enforcement profile using a MAC Auth service that will untag the port for management and tag the port for user traffic. The problem comes when clients associate to the SSID. They successfully perform RADIUS authentication; however, when traffic reaches the port on the switch they are sent to the MAC Auth service and to the default enforcement profile associated with it.

    I opened a TAC case with a ClearPass engineer who also brought a switch engineer in on the call, but so far we have been unable to resolve this. I also engaged a few Aruba SEs but they also have no ideas, so I am hoping that somebody has done this and can let me know how they were able to overcome this issue.



  • 2.  RE: Endpoint Profiling IAPs

    EMPLOYEE
    Posted May 24, 2018 01:58 AM
    You need to use the Port Auth Mode VSA to change the interface to port based for the IAP authentication.


  • 3.  RE: Endpoint Profiling IAPs

    Posted May 24, 2018 05:39 PM

    That worked great.  Thanks for the help and quick response.