Security

Hello everyone, I am aware of an article with high level overview of the solution, https://community.arubanetworks.com/t5/Security/Wired-802-1x-phone-and-PC/td-p/275692, but was wondering if someone can share some low level information. The way we are trying to set this up is to define all device types as Attributes for every switch in the estate (Network Device->(select a switch)->Attributes-> create entry for a type of device (i.e. Corporate, CCTV, AV...) and assign VLAN ID as a "Value"), an after successful authentication push correct Attribute by Enforcement Policy to the switch. In case of VoIP phones we will have one tagged VLAN (phone), and one untagged (PC). The question is how will our Enforcement Policy combine both attributes, and how is CPPM going to enforce tagged/untagged VLANs config onto switch. Thanks in advance.

Hello,

 

I had the same issue a few weeks ago and posted here as well. Take a look at the thread I opened: https://community.arubanetworks.com/t5/Security/802-1x-authentication-in-Aruba-HPE-switches/td-p/376932

 

You can check this as well (there is a wealth of info here): http://wiki.freeradius.org/vendor/HP#RFC-4675-(multiple-tagged/untagged-VLAN)-Assignment

 

Best Regards,

Kevin

Did you look at the ClearPass Solution Guide for Wired Policy Enforcement? That is the topic of this entire doc.

Thanks both, I will go through both Kevin's links and a document Tim has pointed at.