Security

Reply
Highlighted
Contributor I

Multiple DURs per port

Hello team,

 

I'm unable to find documentation concerning multiple downloadable user roles to a single switch port. The Wired Guide seems to refer to a local user role for VOIP products.

 

Use case: PC or Printer connected between a VOIP product. Currently, CPPM is configured to return a VOIP DUR (with tagged and untagged VLAN - I know the latter is an issue) and then a role specific DUR based on user/machine attribute for the device authenticating behind it.

 

Such a design doesn't seem probable based on my experience with AAA products, and I cannot find any documentation....thoughts?


Accepted Solutions
Highlighted
Moderator

Re: Multiple DURs per port

Roles are assigned by MAC address. Simply configure the policy in ClearPass to return the appropriate role for each device/user type following the Solution Guide for Wired Policy Enforcement.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post


All Replies
Highlighted
Moderator

Re: Multiple DURs per port

Roles are assigned by MAC address. Simply configure the policy in ClearPass to return the appropriate role for each device/user type following the Solution Guide for Wired Policy Enforcement.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post

Highlighted
Contributor I

Re: Multiple DURs per port

Gotcha, DURs will then take a "user" instead of "port" based approach.

 

Is there any documentation on DUR ACL size limitations and/or limitation on the number of DURs assigned in total? Or is it just going to be dependent on switch model ACL capacity either locally or through IDM?

Highlighted
Moderator

Re: Multiple DURs per port

Yes, user roles are per user.

Regarding switch capacity, I would recommend asking that in the switching forum. I don’t know the answer.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Contributor I

Re: Multiple DURs per port

Thanks Tim. Enjoy your travels!

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: