Security

Occasional Contributor II

Multiple DURs per port

Hello team,

 

I'm unable to find documentation concerning multiple downloadable user roles to a single switch port. The Wired Guide seems to refer to a local user role for VOIP products.

 

Use case: PC or Printer connected between a VOIP product. Currently, CPPM is configured to return a VOIP DUR (with tagged and untagged VLAN - I know the latter is an issue) and then a role specific DUR based on user/machine attribute for the device authenticating behind it.

 

Such a design doesn't seem probable based on my experience with AAA products, and I cannot find any documentation... thoughts?

Guru Elite

Re: Multiple DURs per port

Roles are assigned by MAC address. Simply configure the policy in ClearPass to return the appropriate role for each device/user type following the Solution Guide for Wired Policy Enforcement.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: Multiple DURs per port

Gotcha, DURs will then take a "user" instead of "port" based approach.

 

Is there any documentation on DUR ACL size limitations and/or limitation on the number of DURs assigned in total? Or is it just going to be dependent on switch model ACL capacity either locally or through IDM?

Guru Elite

Re: Multiple DURs per port

Yes, user roles are per user.

Regarding switch capacity, I would recommend asking that in the switching forum. I don’t know the answer.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: Multiple DURs per port

Thanks Tim. Enjoy your travels!
