Security

last person joined: 14 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

HP 2930F switch/Airgroups and a Mobility Controller

This thread has been viewed 4 times

  • 1.  HP 2930F switch/Airgroups and a Mobility Controller

    Posted Feb 22, 2018 10:27 AM

    Hi,

    So, I've got a 2930 F switch plumbed into our network and talking RADIUS 802.1x auth to our Clearpass server. Swith uplink connectes to one of our 5510 .However ......

     

    What I was interested in was enabling Airgroup connectivity for wired devivces on the switch so that they are part of the airgroup domain defined on our mobility controller.

     

    I *thought* that there was a presentation at the last Atmosphere that showed a switch tunneling to a mobility controller and allowing controoler policies and acls to be applied to devices on the switch. Looking at the application where a study bedroom would have airgroup access on the WiFi network ( WPA2-Enterprise and WPA2-PSK) and on the wired ( 2930F switches) and use clearpass guest t ocontrol it all ..... 

     

    If the above is correct,m can anyone point me at the appropraite documentation?

    Rgdd

    Alex

     



  • 2.  RE: HP 2930F switch/Airgroups and a Mobility Controller

    EMPLOYEE
    Posted Feb 22, 2018 10:41 AM
    Wired AirGroup servers can be discovered on the wire using the AP multicast aggregation features in ArubaOS.

    There is no official/supported method for wired clients (Aruba switches or not) to discover servers advertised by the controller.


  • 3.  RE: HP 2930F switch/Airgroups and a Mobility Controller

    Posted Feb 22, 2018 10:54 AM

    Hmmm I had a 5130 switch configured to have a tagged vlan into a router. mobility controller also had an interface on same vlan. Ran Chromecast and apple TV devices authenticated onto the wired vlan  and were visible to the controller. Could use android and ios devices to stream music and video from wpa2-enterprise snd wpa2-psk devices to the wired ones 

    Thought there was a switch config option to treat the switch as a "RAP" in order to connect it to the controller. roles and policies could then be applied to switch users with traffic going via mobility controller. 

     

     



  • 4.  RE: HP 2930F switch/Airgroups and a Mobility Controller
    Best Answer

    EMPLOYEE
    Posted Feb 22, 2018 11:10 AM
    Yes, there are definitely ways to get it to work, but most are not officially supported.

    Are you referring to tunneled-node? That will forward all traffic though, not just SSDP and mDNS advertisements. Take a look at the ClearPass Solution Guide for Wired Policy Enforcement.


  • 5.  RE: HP 2930F switch/Airgroups and a Mobility Controller

    Posted Feb 22, 2018 12:00 PM

    That sounds promising. thx

    A



  • 6.  RE: HP 2930F switch/Airgroups and a Mobility Controller

    Posted Mar 02, 2018 05:02 AM

    Now that's a good document.

    Got a pair of 2930F's and 2930M's configured as two stacks plumbed into our clearpass server .... just need to get them talking to our mobility controller