Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Low impact mode

  • 1.  Low impact mode

    Posted Oct 22, 2018 02:51 PM
    Hello,

    Can we configure low impact mode to work on CPPM?
    I mean using a pre-auth ACL on a Cisco switch with limited access to DHCP etc., instead of monitor mode, which allows everything in the ACL. The same works on Cisco ISE.


  • 2.  RE: Low impact mode

    Posted Oct 23, 2018 01:13 AM

    Hi,

    You can make ClearPass push a dACL to a Cisco switch. There is a predefined template for it in the Enforcement Profile:

    https://www.arubanetworks.com/techdocs/ClearPass/Aruba_DeployGd_HTML/Content/Cisco%20Switch/DACL_setup.htm

    So you should be able to have a pre-auth ACL on the switchport, and then the dACL should overwrite it after authentication.

    I have not tried this myself and don't have time until the weekend to try this in my lab, but in theory it should work.

    Regards

    Philip
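
The switch side of the low impact setup discussed in this thread, as an added example that is not part of either post and has not been validated against ClearPass. It uses classic Cisco IOS port syntax; the ACL name `PRE-AUTH`, the interface, the VLAN and the DNS permit are assumptions, and the RADIUS server definition is omitted.

```cisco
! Added example: low impact mode on one access port (names are assumptions).
aaa new-model
aaa authentication dot1x default group radius
! Network authorization must be enabled or the switch ignores a returned dACL.
aaa authorization network default group radius
! Lets the switch send the vendor-specific attributes used to fetch a dACL.
radius-server vsa send authentication
! Device tracking lets the switch replace "any" as source in a dACL with the
! host's IP. Newer IOS XE releases use the device-tracking policy syntax instead.
ip device tracking
dot1x system-auth-control
!
! Pre-auth ACL: only what a client needs before it authenticates.
ip access-list extended PRE-AUTH
 permit udp any eq bootpc any eq bootps
 ! DNS is an assumption for the "etc." in the question.
 permit udp any any eq domain
 deny ip any any
!
interface GigabitEthernet1/0/10
 switchport mode access
 switchport access vlan 10
 ! Low impact mode = open authentication plus a restrictive port ACL.
 ! Monitor mode would use "authentication open" with no ACL on the port.
 ip access-group PRE-AUTH in
 authentication open
 authentication host-mode multi-auth
 authentication order dot1x mab
 authentication port-control auto
 mab
 dot1x pae authenticator
 spanning-tree portfast
```

After a client authenticates, `show authentication sessions interface GigabitEthernet1/0/10` shows whether a downloaded ACL was applied to the session. If none is listed, the port ACL is still what limits that client's traffic.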