Which NAS IP takes priority?

  • 1.  Which NAS IP takes priority?

    Posted Mar 13, 2015 12:39 PM

    The NAS IP can be defined in two places:

     

    1. In Authentication > Advanced.  This has been called a 'global' configuration, but in a master-local setup, it's controller-specific.  For the purpose of consistency, I'll continue to call this 'global'.

     

    2. In Authentication > RADIUS server.  This is specific to the RADIUS server.

     

    I'm trying to figure out which one has precedence if both are set.  The following post indicates that the server-specific IP overrides the global IP: http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/NAS-or-NAD-IP-in-a-master-local-configuration/td-p/60514

     

    However, our tests seem to indicate the opposite.  We have a server-specific IP set, but when we change the global IP, the RADIUS server reports the new, changed IP under the Radius:IETF:NAS-IP-Address field.

     

    We have two controllers in a master-local setup.  We are using ClearPass and MS NPS servers for RADIUS authentication and authorization.

     

    Can anyone corroborate this finding?



  • 2.  RE: Which NAS IP takes priority?

    EMPLOYEE
    Posted Mar 19, 2015 01:53 AM

    I don't know what IP address takes priority based on your combination of circumstances or your version of code.  How about putting NO IP addresses anywhere, so that the switch IP is the source IP address...?
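
One way to settle the question empirically, as an added example that is not part of the original thread: read the NAS-IP-Address attribute (type 4, RFC 2865) out of the UDP payload of a captured Access-Request and compare it with the configured values and the packet's source IP. The function names, labels and sample addresses are assumptions made for the illustration.

```python
import ipaddress
import struct

ACCESS_REQUEST = 1   # RADIUS code, RFC 2865
NAS_IP_ADDRESS = 4   # attribute type, RFC 2865 section 5.4

def build_access_request(ident, user, nas_ip=None):
    """Build a minimal Access-Request (constructed sample, zeroed authenticator)."""
    attrs = bytes([1, 2 + len(user)]) + user            # User-Name
    if nas_ip is not None:
        attrs += bytes([NAS_IP_ADDRESS, 6]) + ipaddress.IPv4Address(nas_ip).packed
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + bytes(16) + attrs

def nas_ip_from_packet(payload):
    """Return NAS-IP-Address from a RADIUS Access-Request payload, or None if absent."""
    if len(payload) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", payload[:4])
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    if not 20 <= length <= len(payload):
        raise ValueError("length field does not match payload")
    pos = 20
    while pos + 2 <= length:
        atype, alen = payload[pos], payload[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        if atype == NAS_IP_ADDRESS:
            if alen != 6:
                raise ValueError("NAS-IP-Address must carry 4 octets")
            return str(ipaddress.IPv4Address(payload[pos + 2:pos + 6]))
        pos += alen
    return None

def classify(payload, src_ip, global_ip, server_ip):
    """Say which configured value (hypothetical labels) the packet's NAS-IP matches."""
    nas = nas_ip_from_packet(payload)
    if nas is None:
        return "absent"
    for label, ip in (("server-specific", server_ip), ("global", global_ip), ("source", src_ip)):
        if ip is not None and nas == ip:
            return label
    return "other"

if __name__ == "__main__":
    # Constructed values from documentation address ranges, not from the thread.
    pkt = build_access_request(7, b"alice", "192.0.2.10")
    print(classify(pkt, src_ip="198.51.100.5", global_ip="192.0.2.10", server_ip="192.0.2.20"))
```

Running it against requests captured before and after changing each setting shows which configured value the controller places in the attribute, independent of how the RADIUS server displays it.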