Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Security > Authentication > Servers/server rules

  • 1.  Security > Authentication > Servers/server rules

    Posted Dec 06, 2017 02:30 PM

    (OS 6.5)

    Hi all,

    We have a situation and I was wondering if any of you had used that setup before.

    We basically go for a single SSID and will do role and VLAN assignment based on an AD attribute (condition based on a filter_id).

     

    In the server rules section, you can set a role or set a VLAN.

    Have you ever tried to combine the two before?

    For example, filter_id X will have role A and be on VLAN 100

    while filter_id Y will have role B and be on VLAN 200.

     

    We don't have the chance to be able to test it. As it is prod, I prefer to ask first.

    I am so used to firewall rules where, once one is hit, it stops. My concern is that it would hit the role and stop instead of going to the next rule, which is the VLAN.

     

    Thanks.

     



  • 2.  RE: Security > Authentication > Servers/server rules

    EMPLOYEE
    Posted Dec 06, 2017 02:33 PM
    Just curious, why aren't you using VLAN names and returning the name directly from your RADIUS server in the VSA?


  • 3.  RE: Security > Authentication > Servers/server rules

    Posted Dec 06, 2017 05:45 PM
    I honestly didn't know about that option. If you think it's the most appropriate, I'll look at it.
    Thanks


  • 4.  RE: Security > Authentication > Servers/server rules
    Best Answer

    EMPLOYEE
    Posted Dec 06, 2017 05:51 PM
    Definitely a cleaner way (and way less stuff to maintain). It's also a best practice.


  • 5.  RE: Security > Authentication > Servers/server rules

    Posted Dec 06, 2017 05:55 PM
    Thanks for your help!