Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Multiple DURs per port

  • 1.  Multiple DURs per port

    Posted Sep 11, 2018 11:43 PM

    Hello team,

    I'm unable to find documentation concerning multiple downloadable user roles to a single switch port. The Wired Guide seems to refer to a local user role for VOIP products.

    Use case: PC or Printer connected between a VOIP product. Currently, CPPM is configured to return a VOIP DUR (with tagged and untagged VLAN - I know the latter is an issue) and then a role-specific DUR based on user/machine attribute for the device authenticating behind it.

    Such a design doesn't seem probable based on my experience with AAA products, and I cannot find any documentation... thoughts?



  • 2.  RE: Multiple DURs per port
    Best Answer

    EMPLOYEE
    Posted Sep 11, 2018 11:47 PM
    Roles are assigned by MAC address. Simply configure the policy in ClearPass to return the appropriate role for each device/user type following the Solution Guide for Wired Policy Enforcement.


  • 3.  RE: Multiple DURs per port

    Posted Sep 11, 2018 11:53 PM

    Gotcha, DURs will then take a "user" instead of "port" based approach.

    Is there any documentation on DUR ACL size limitations and/or limitation on the number of DURs assigned in total? Or is it just going to be dependent on switch model ACL capacity either locally or through IDM?



  • 4.  RE: Multiple DURs per port

    EMPLOYEE
    Posted Sep 11, 2018 11:59 PM
    Yes, user roles are per user.

    Regarding switch capacity, I would recommend asking that in the switching forum. I don’t know the answer.


  • 5.  RE: Multiple DURs per port

    Posted Sep 12, 2018 12:00 AM

    Thanks Tim. Enjoy your travels!