Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Roles rules by Switch & Port in Clearpass

  • 1.  Roles rules by Switch & Port in Clearpass

    Posted Aug 01, 2018 02:10 PM

    We are just starting to leverage ClearPass for authentication on our switches and I'm trying to find the right way to assign roles based on a combination of switch and port.

     

    These are third-party switches, and the best I've been able to figure out is to make individual role rule entries using the IETF-NAS-Identifier and IETF-NAS-Port. Since those are two separate values, I have to make individual entries for each pair.

     

    For example, if I want to identify specific ports on our network allowed to service PCI-related devices, I have to put in individual entries for each switch/port pair. Even if I could find a value that was the switch/port pair, that would make that a *lot* cleaner.

     

    Am I missing something somewhere, is there a better way to do that?  (I hope!)

     

    Many Thanks.

     

    --Bryan



  • 2.  RE: Roles rules by Switch & Port in Clearpass
    Best Answer

    EMPLOYEE
    Posted Aug 01, 2018 02:13 PM
    You could create a custom attribute on each Network Device definition that contains a set of numbers. Then use a parameterized variable in your policy to compare the Network Device to the IETF NAS-Port-Id from the RADIUS request.
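
    Worked example added here to illustrate the approach in the answer above; it is not code from the thread or from HPE Aruba Networking, and it does not talk to a ClearPass server. It models the per-device custom attribute (assumed name `PCI-Ports`, holding a comma-separated list of port numbers), shows the JSON body one would send to update that attribute via the ClearPass REST API (the `attributes` field on a network device is assumed, not verified here), and implements the comparison the policy rule would perform, roughly `Radius:IETF:NAS-Port-Id BELONGS_TO %{Device:PCI-Ports}` (rule syntax is an assumption). The sample inventory, switch names and NAS-Port-Id strings are constructed. It also covers an edge case worth checking in the real policy: a substring-style match (`CONTAINS`) would let port 5 match a list containing 15, so the membership test must be token-exact.

```python
"""Model of 'custom attribute per Network Device + parameterized policy rule'.

Added example, not ClearPass code. Assumptions (all labelled): the custom
attribute is called "PCI-Ports" and stores comma-separated port numbers; the
NAS-Port-Id from the third-party switch ends in the port number, e.g.
"GigabitEthernet1/0/5", "Gi1/0/5" or just "5"; the REST payload shape
{"name": ..., "attributes": {...}} is an assumption about the API.
"""
import re
from typing import Dict, Optional, Set

# Constructed inventory: switch (NAS-Identifier) -> ports allowed to serve PCI devices.
PCI_PORTS_BY_SWITCH: Dict[str, Set[int]] = {
    "sw-core-01": {1, 15, 20},
    "sw-edge-07": {8, 2, 5},
}

ATTR_NAME = "PCI-Ports"  # assumed custom attribute name on the Network Device


def pci_ports_attribute(ports: Set[int]) -> str:
    """Render a port set as the comma-separated value stored in the custom attribute."""
    return ",".join(str(p) for p in sorted(ports))


def network_device_patch(name: str, ports: Set[int]) -> dict:
    """Body for updating the device's custom attribute via the REST API.

    Only the attribute is sent so other device fields are left untouched.
    The field layout is an assumption about the ClearPass network-device resource.
    """
    return {"name": name, "attributes": {ATTR_NAME: pci_ports_attribute(ports)}}


def build_device_table(inventory: Dict[str, Set[int]]) -> Dict[str, Dict[str, str]]:
    """What ClearPass would hold per Network Device after the attributes are pushed."""
    return {name: {ATTR_NAME: pci_ports_attribute(ports)} for name, ports in inventory.items()}


# Trailing integer of the port identifier; works for "GigabitEthernet1/0/5", "Gi1/0/5", "5".
_PORT_RE = re.compile(r"(\d+)\s*$")


def port_number(nas_port_id: str) -> Optional[int]:
    """Extract the port number the switch reports in NAS-Port-Id, or None if unparsable."""
    m = _PORT_RE.search(nas_port_id.strip())
    return int(m.group(1)) if m else None


def port_belongs_to(nas_port_id: str, attr_value: str) -> bool:
    """Token-exact membership test (the BELONGS_TO semantics), never a substring match.

    A substring check would accept port 5 against "1,15,20"; this does not.
    """
    port = port_number(nas_port_id)
    if port is None:
        return False
    allowed = {int(tok) for tok in attr_value.split(",") if tok.strip().isdigit()}
    return port in allowed


def role_for_request(nas_identifier: str, nas_port_id: str,
                     devices: Dict[str, Dict[str, str]]) -> str:
    """Decide the role the way the parameterized rule would.

    An unknown device or a device without the attribute never yields the PCI role,
    so a missing attribute fails closed rather than open.
    """
    attrs = devices.get(nas_identifier)
    if attrs is None or ATTR_NAME not in attrs:
        return "Default"
    if port_belongs_to(nas_port_id, attrs[ATTR_NAME]):
        return "PCI-Device"
    return "Default"


if __name__ == "__main__":
    table = build_device_table(PCI_PORTS_BY_SWITCH)
    print(network_device_patch("sw-edge-07", PCI_PORTS_BY_SWITCH["sw-edge-07"]))
    for nas_id, port_id in [("sw-core-01", "GigabitEthernet1/0/15"),
                            ("sw-core-01", "GigabitEthernet1/0/5"),
                            ("sw-edge-07", "Gi1/0/5"),
                            ("sw-unknown", "5")]:
        print(nas_id, port_id, "->", role_for_request(nas_id, port_id, table))
```

    One caveat when applying this to stacked or modular third-party switches: if the same port number appears on several slots (`1/0/5` and `2/0/5`), a plain list of numbers cannot tell them apart, and the attribute should instead hold the full port identifiers as the switch sends them in NAS-Port-Id.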


  • 3.  RE: Roles rules by Switch & Port in Clearpass

    Posted Aug 01, 2018 02:17 PM

    That is an interesting idea, and I could probably manage the list externally via API.  I'll experiment with that.   Thanks!