Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Wired .1x cisco switch and cppm - q's about knowledgebase article

  • 1.  Wired .1x cisco switch and cppm - q's about knowledgebase article

    Posted Feb 19, 2016 04:48 AM

    Am following this guide to test .1x on the wired network...

     

    http://community.arubanetworks.com/t5/tkb/articleprintpage/tkb-id/AAANACGuestAccessBYOD/article-id/283

     

    Was using a 3750, so was able to use the same commands as highlighted, however, there are no details on what the IPs that are used actually refer to...

     

    Reading through the guide, I've assumed the following:

     

    10.30.156.130 is the AD Server

    10.30.156.132 is the Cisco Switch

     

    But can't figure out what this actually refers to as there is no other reference to it in the article... I would have assumed the AAA server would have been the RADIUS server, i.e., CPPM...

     

    Next we need to add a AAA server for dynamic authorization. Here’s how we do that:

    Cisco-3750-Lab(config)# aaa server radius dynamic-author
    Cisco-3750-Lab(config-locsvr-da-radius)# client 10.30.156.119 server-key aruba123
    Cisco-3750-Lab(config-locsvr-da-radius)# port 3799
    Cisco-3750-Lab(config-locsvr-da-radius)# auth-type all
    Cisco-3750-Lab(config-locsvr-da-radius)# exit
    Cisco-3750-Lab(config)#
     
     
     


  • 2.  RE: Wired .1x cisco switch and cppm - q's about knowledgebase article

    Posted Feb 19, 2016 11:01 AM

    In that example, there are 3 IP addresses; they should refer to the following. Also consider looking at the Aruba Solution Exchange entry for Cisco Wired 802.1X

     

    • 10.30.156.119 - ClearPass Policy Manager (RADIUS Server)
    • 10.30.156.130 - AD Domain Controller (Authentication Source for CPPM)
    • 10.30.156.132 - Cisco switch (RADIUS Client)

     



  • 3.  RE: Wired .1x cisco switch and cppm - q's about knowledgebase article

    Posted Feb 19, 2016 11:17 AM

    Thanks.. I did think that, but seeing the term "client" in the code, I assumed it may have been the switch IP, rather than it actually meaning the server.

     

    I'll give that a go.. and thanks for the link!

     

    Cheers

     

     



  • 4.  RE: Wired .1x cisco switch and cppm - q's about knowledgebase article

    Posted Feb 19, 2016 11:30 AM

    In that part of the config, it is setting the Change of Authorization (CoA) configuration on the Cisco switch; so in essence CPPM is the client to the switch for CoA.


    Taken from Cisco docs:

     

    aaa server radius dynamic-author

    Enters dynamic authorization local server configuration mode and specifies a RADIUS client from which a device accepts Change of Authorization (CoA) and disconnect requests. Configures the device as a AAA server to facilitate interaction with an external policy server.
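
Added example, not part of the thread and not Cisco or Aruba code: a simplified Python model of the acceptance checks behind the `client 10.30.156.119 server-key aruba123` line, using the RFC 5176 Request Authenticator, to show why the policy server is the "client" here. Function names and the User-Name value are constructed for illustration, and `auth-type all` is not modeled.

```python
import hashlib
import hmac
import struct

# From the config quoted in the thread: the switch listens on UDP 3799 and
# trusts one dynamic-author client (the policy server) with one server-key.
DAC_CLIENTS = {"10.30.156.119": b"aruba123"}
CODES = {40: "Disconnect-Request", 43: "CoA-Request"}
# Constructed sample attribute: User-Name (type 1) = "labuser"
SAMPLE_ATTRS = bytes([1, 9]) + b"labuser"


def request_authenticator(code, ident, attrs, secret):
    """RFC 5176: MD5(Code + Id + Length + 16 zero octets + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()


def build_request(code, ident, attrs, secret):
    """Constructed test packet standing in for what the policy server sends."""
    auth = request_authenticator(code, ident, attrs, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs


def accept_request(src_ip, packet):
    """Return (accepted, detail) for a packet received on the CoA port."""
    secret = DAC_CLIENTS.get(src_ip)
    if secret is None:
        return False, "source is not a configured dynamic-author client"
    if len(packet) < 20:
        return False, "short packet"
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or code not in CODES:
        return False, "bad length or unsupported code"
    expected = request_authenticator(code, ident, packet[20:], secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        return False, "authenticator mismatch (wrong server-key)"
    return True, CODES[code]


if __name__ == "__main__":
    pkt = build_request(43, 7, SAMPLE_ATTRS, b"aruba123")
    print(accept_request("10.30.156.119", pkt))   # policy server, right key
    print(accept_request("10.30.156.132", pkt))   # any other source address
```

The same packet is rejected when it arrives from an address that has no `client` entry, or when the sender's key differs from the configured `server-key`.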